Description
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.

This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.
Note: The affected vKVM client is also included in Cisco UCS Manager.
Published: 2025-08-27
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-25946 A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials. Note: The affected vKVM client is also included in Cisco UCS Manager.
History

Wed, 27 Aug 2025 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco integrated Management Controller
Cisco ucs Manager
Cisco virtual Keyboard Video Monitor
Vendors & Products Cisco
Cisco integrated Management Controller
Cisco ucs Manager
Cisco virtual Keyboard Video Monitor

Wed, 27 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 Aug 2025 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials. Note: The affected vKVM client is also included in Cisco UCS Manager.
Title Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability
Weaknesses CWE-601
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N'}

Subscriptions

Cisco Integrated Management Controller Ucs Manager Virtual Keyboard Video Monitor
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-08-27T18:52:07.395Z

Reserved: 2024-10-10T19:15:13.253Z

Link: CVE-2025-20317

cve-icon Vulnrichment

Updated: 2025-08-27T17:24:39.117Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-27T17:15:36.140

Modified: 2025-08-29T16:24:09.860

Link: CVE-2025-20317

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-27T21:57:35Z

Weaknesses