CVE-2025-20147 | Cisco SD-WAN vManage Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack on an affected system. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.

Published: 2025-05-07 Last update: 2025-07-31 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2025-20147 is rated Low Risk (27.9/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.26%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-20147

The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.12% 0.26% +0.14%
2 2026-03-03 0.03% 0.12% +0.09%
3 2025-11-21 0.03%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-20147

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.4 3.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7 [email protected]

Vector breakdown:
Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:R): A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:L): Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N): Service keeps running; no real outage angle.

Weakness enumeration for CVE-2025-20147

Affected software / configurations for CVE-2025-20147

Vendor Product Version Raw CPE
cisco catalyst_sd-wan_manager 17.2.4 cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 17.2.5 cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 17.2.6 cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 17.2.7 cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 17.2.8 cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 17.2.9 cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 17.2.10 cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.2.0 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.0 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.1.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.3 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.3.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.4 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.5 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.6 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.6.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.7 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.7:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.3.8 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.8:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.0 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.0.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.3 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.3:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.4 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.4:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.5 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.5:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.6 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.6:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.302 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.302:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.303 cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.303:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 18.4.501_es cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.501_es:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.0.0 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.0:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.0.1a cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.1a:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.1.0 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.1.0:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.0 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.0:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.2 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.2:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.3 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.3:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.4 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.4:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.4.0.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.4.0.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.4.0.8 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.4.0.8:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.4.0.9 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.4.0.9:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.31 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.31:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.32 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.32:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.097 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.097:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.098 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.098:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.099 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.099:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.2.929 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.929:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 19.3.0 cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.3.0:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.1.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.1.1.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.1.2 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.2:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.1.2_937 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.2_937:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.1.3 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.3:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.1.3.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.3.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.1.12 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.12:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2.0.5 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2.0.5:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2.0.6 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2.0.6:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2.1_927 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2.1_927:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2.1_930 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2.1_930:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2_925 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2_925:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2_928 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2_928:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2_929 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2_929:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.2_937 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2_937:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.0.2 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.0.2:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.0.4 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.0.4:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.0.8 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.0.8:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.0.14 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.0.14:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.0.16 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.0.16:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.0.17 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.0.17:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.0.18 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.0.18:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.1.1 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.1.1:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.1.2 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.1.2:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.1.5 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.1.5:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.1.7 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.1.7:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.1.10 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.1.10:*:*:*:*:*:*:*
cisco catalyst_sd-wan_manager 20.3.3.2 cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.2:*:*:*:*:*:*:*

References for CVE-2025-20147
