Cisco Catalyst Center Vulnerability Allows Attackers to Escalate Privileges

A critical security vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance that could enable authenticated, remote attackers to escalate their privileges to Administrator on affected systems.

This vulnerability CVE-2025-20341 caused by insufficient validation of user-supplied input, underscores the urgent need for patching among organizations that use the affected platform.

The vulnerability resides within the Cisco Catalyst Center Virtual Appliance running on VMware ESXi.

According to Cisco’s official advisory, the vulnerability allows an attacker with legitimate credentialsspecifically, any user account holding at least the Observer role to submit crafted HTTP requests to the system.

Successful exploitation enables attackers to perform unauthorized system modifications, such as creating new user accounts or elevating their own privileges, thereby compromising the appliance’s administrative controls.

This risk is especially concerning because attackers do not need initial Administrator privileges to exploit the vulnerability. Instead, any valid Observer-level account provides ...