CVE-2025-20308

Published: Jul 2, 2025Modified: Jul 23, 2025

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.

Affected (8)

Products: Cisco: Spaces Connector

Cisco

1 product

Spaces Connector

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Cisco Spaces Connector	Version 3.0
Cisco Spaces Connector	Version 3.0 jan_2023
Cisco Spaces Connector	Version 3.0 jan_2024
Cisco Spaces Connector	Version 3.0 jan_2025
Cisco Spaces Connector	Version 3.0 july_2024
Cisco Spaces Connector	Version 3.0 may_2023
Cisco Spaces Connector	Version 3.0 may_2024
Cisco Spaces Connector	Version 3.0 sep_2022

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.