May 8, 2025
Severity
Medium
Analysis Summary
CVE-2025-20223 CVSS:4.7
A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device.
CVE-2025-20210 CVSS:7.3
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings.
CVE-2025-20202 CVSS:7.4
A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
CVE-2025-20213 CVSS:5.5
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials with CLI access on the affected system.
CVE-2025-20221 CVSS:5.3
A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters.
CVE-2025-20214 CVSS:4.3
A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data.
CVE-2025-20216 CVSS:4.7
A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user.
CVE-2025-20198 CVSS:4.6
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device.
CVE-2025-20201 CVSS:6.7
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device.
CVE-2025-20197 CVSS:6.7
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device.
Impact
- Data Manipulation
- Security Bypass
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2025-20223
- CVE-2025-20210
- CVE-2025-20202
- CVE-2025-20213
- CVE-2025-20221
- CVE-2025-20214
- CVE-2025-20216
- CVE-2025-20198
- CVE-2025-20201
- CVE-2025-20197
Affected Vendors
- Cisco
Affected Products
- Cisco IOS XE SD-WAN Software
- Cisco IOS XE Wireless Controller Software
- Cisco Digital Network Architecture Center
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.