Cisco Catalyst Center Vulnerability

A critical security flaw has been discovered in the Cisco Catalyst Center Virtual Appliance (running on VMware ESXi) that allows attackers with relatively low permissions to escalate their access to full administrator level. According to the advisory, this vulnerability is tracked as CVE-2025-20341 and carries a high severity, with a CVSS score of 8.8.

The root cause of this vulnerability is poor input validation: the appliance doesn’t properly sanitize HTTP requests, so an attacker can submit specially crafted data that tricks the system into elevating privileges. What’s especially concerning is how easily it can be exploited: someone with only Observer-level credentials—just read-only access—can leverage this bug to gain Administrator rights.

Once an attacker becomes an administrator, they can do practically anything: create new user accounts, change system settings, or otherwise undermine the network’s security posture.

Cisco identified the issue internally while working on a support case. They have released a fix: version 2.3.7.10-VA of the virtual appliance patches the flaw, and users running affected versions (2.3.7.3-VA and later releases prior to the fix) should update immediately. Notably, hardware appliances and AWS-based virtual appliances are not affected by this particular issue.

Unfortunately, there are no workarounds — the only way to secure systems is to apply the software update.
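Since patching is the only remedy, the first practical step is an inventory check. The following is an added example (not Cisco's code or tooling) that encodes the affected range stated above: VMware ESXi virtual appliance builds from 2.3.7.3-VA up to, but not including, the fixed 2.3.7.10-VA, with hardware and AWS appliances out of scope. The platform labels ("vmware", "aws", "hardware") are an assumption made for this example.

```python
"""Classify Catalyst Center release strings against the CVE-2025-20341
affected range (example code, not Cisco's). Assumptions: only "-VA"
builds on VMware ESXi are affected; affected builds are 2.3.7.3-VA up to
but not including 2.3.7.10-VA; the platform labels are made up here."""
import re
from typing import Optional, Tuple

FIRST_AFFECTED = (2, 3, 7, 3)
FIRST_FIXED = (2, 3, 7, 10)
FIXED_RELEASE = "2.3.7.10-VA"

# Matches e.g. "2.3.7.5-VA"; the suffix is optional so hardware builds parse too.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-(VA))?$")


def parse_version(text: str) -> Tuple[Tuple[int, ...], bool]:
    """Return (numeric tuple, is_virtual_appliance) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Catalyst Center version: {text!r}")
    return tuple(int(x) for x in m.groups()[:4]), m.group(5) == "VA"


def is_affected(version: str, platform: str) -> Optional[bool]:
    """True if the release is in the affected range on the affected platform.

    Returns None for release trains the advisory summary does not describe,
    so a caller cannot mistake 'unknown' for 'safe'.
    """
    nums, is_va = parse_version(version)
    if platform.lower() != "vmware" or not is_va:
        return False  # hardware and AWS appliances are not affected
    if nums[:3] != (2, 3, 7):
        return None   # other trains are not covered by the summary above
    return FIRST_AFFECTED <= nums < FIRST_FIXED


def remediation(version: str, platform: str) -> str:
    """One-line verdict suitable for an inventory report."""
    verdict = is_affected(version, platform)
    if verdict is None:
        return f"{version} on {platform}: not covered; consult the Cisco advisory"
    if verdict:
        return f"{version} on {platform}: AFFECTED, upgrade to {FIXED_RELEASE}"
    return f"{version} on {platform}: not affected"
```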

What I Think About This

I believe this vulnerability is very serious. Giving an “Observer” the ability to escalate to admin is a major misstep, especially in network-management tools where administrator access usually means full control over configurations.

On the upside, Cisco has already addressed the issue with a specific fixed version, which shows that they took the risk seriously. But still, any delay in updating could leave critical infrastructure exposed. So, in my view, if you’re using Catalyst Center Virtual Appliance, you need to act now and deploy the patch.
