DLL Hijacking via IPC in Cisco Secure Client (HostScan)
CVE-2025-20206 Published on March 5, 2025

Cisco Secure Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.

NVD

Vulnerability Analysis

CVE-2025-20206 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Improper Verification of Cryptographic Signature

The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Products Associated with CVE-2025-20206

Want to know whenever a new CVE is published for Cisco Secure Client? stack.watch will email you.

Cisco Secure Client

Affected Versions

Cisco Secure Client:

Version 4.9.00086 is affected.
Version 4.9.01095 is affected.
Version 4.9.02028 is affected.
Version 4.9.03047 is affected.
Version 4.9.03049 is affected.
Version 4.9.04043 is affected.
Version 4.9.04053 is affected.
Version 4.9.05042 is affected.
Version 4.9.06037 is affected.
Version 4.10.00093 is affected.
Version 4.10.01075 is affected.
Version 4.10.02086 is affected.
Version 4.10.03104 is affected.
Version 4.10.04065 is affected.
Version 4.10.04071 is affected.
Version 4.10.05085 is affected.
Version 4.10.05095 is affected.
Version 5.0.00238 is affected.
Version 4.10.05111 is affected.
Version 5.0.00529 is affected.
Version 5.0.00556 is affected.
Version 4.10.06079 is affected.
Version 5.0.01242 is affected.
Version 4.10.06090 is affected.
Version 5.0.02075 is affected.
Version 4.10.07061 is affected.
Version 5.0.03072 is affected.
Version 4.10.07062 is affected.
Version 5.0.03076 is affected.
Version 5.0.04032 is affected.
Version 4.10.07073 is affected.
Version 5.0.05040 is affected.
Version 5.1.0.136 is affected.
Version 5.1.1.42 is affected.
Version 4.10.08025 is affected.
Version 5.1.2.42 is affected.
Version 4.10.08029 is affected.
Version 5.1.3.62 is affected.
Version 5.1.4.74 is affected.
Version 5.1.5.65 is affected.
Version 5.1.6.103 is affected.
Version 5.1.7.80 is affected.

Exploit Probability

EPSS

0.02%

Percentile

4.63%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.