Unauth API Exposes Proxy Config in Cisco Catalyst Center
CVE-2025-20210 Published on May 7, 2025

Cisco Catalyst Center Unprotected API Endpoint
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic.

NVD

Vulnerability Analysis

CVE-2025-20210 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Products Associated with CVE-2025-20210

Want to know whenever a new CVE is published for Cisco Catalyst Center? stack.watch will email you.

Cisco Catalyst Center

Affected Versions

Cisco Digital Network Architecture Center (DNA Center):

Version 2.1.1.0 is affected.
Version 2.1.1.3 is affected.
Version 2.1.2.0 is affected.
Version 2.1.2.3 is affected.
Version 2.1.2.4 is affected.
Version 2.1.2.5 is affected.
Version 2.2.1.0 is affected.
Version 2.1.2.6 is affected.
Version 2.2.2.0 is affected.
Version 2.2.2.1 is affected.
Version 2.2.2.3 is affected.
Version 2.1.2.7 is affected.
Version 2.2.1.3 is affected.
Version 2.2.3.0 is affected.
Version 2.2.2.4 is affected.
Version 2.2.2.5 is affected.
Version 2.2.3.3 is affected.
Version 2.2.2.7 is affected.
Version 2.2.2.6 is affected.
Version 2.2.2.8 is affected.
Version 2.2.3.4 is affected.
Version 2.1.2.8 is affected.
Version 2.3.2.1 is affected.
Version 2.3.2.1-AIRGAP is affected.
Version 2.3.2.1-AIRGAP-CA is affected.
Version 2.2.3.5 is affected.
Version 2.3.3.0 is affected.
Version 2.3.3.3 is affected.
Version 2.3.3.1-AIRGAP is affected.
Version 2.3.3.1 is affected.
Version 2.3.2.3 is affected.
Version 2.3.3.3-AIRGAP is affected.
Version 2.2.3.6 is affected.
Version 2.2.2.9 is affected.
Version 2.3.3.0-AIRGAP is affected.
Version 2.3.3.3-AIRGAP-CA is affected.
Version 2.3.3.4 is affected.
Version 2.3.3.4-AIRGAP is affected.
Version 2.3.3.4-AIRGAP-MDNAC is affected.
Version 2.3.3.4-HF1 is affected.
Version 2.3.4.0 is affected.
Version 2.3.3.5 is affected.
Version 2.3.3.5-AIRGAP is affected.
Version 2.3.4.0-AIRGAP is affected.
Version 2.3.4.3 is affected.
Version 2.3.4.3-AIRGAP is affected.
Version 2.3.3.6 is affected.
Version 2.3.5.0 is affected.
Version 2.3.3.6-AIRGAP is affected.
Version 2.3.5.0-AIRGAP is affected.
Version 2.3.3.6-AIRGAP-MDNAC is affected.
Version 2.3.5.0-AIRGAP-MDNAC is affected.
Version 2.3.3.7 is affected.
Version 2.3.3.7-AIRGAP is affected.
Version 2.3.3.7-AIRGAP-MDNAC is affected.
Version 2.3.6.0 is affected.
Version 2.3.3.6-70045-HF1 is affected.
Version 2.3.3.7-72328-AIRGAP is affected.
Version 2.3.3.7-72323 is affected.
Version 2.3.3.7-72328-MDNAC is affected.
Version 2.3.5.3 is affected.
Version 2.3.5.3-AIRGAP-MDNAC is affected.
Version 2.3.5.3-AIRGAP is affected.
Version 2.3.6.0-AIRGAP is affected.
Version 2.3.7.0 is affected.
Version 2.3.7.0-AIRGAP is affected.
Version 2.3.7.0-AIRGAP-MDNAC is affected.
Version 2.3.7.0-VA is affected.
Version 2.3.5.4 is affected.
Version 2.3.5.4-AIRGAP is affected.
Version 2.3.5.4-AIRGAP-MDNAC is affected.
Version 2.3.7.3 is affected.
Version 2.3.7.3-AIRGAP is affected.
Version 2.3.7.3-AIRGAP-MDNAC is affected.
Version 2.3.5.5-AIRGAP is affected.
Version 2.3.5.5 is affected.
Version 2.3.5.5-AIRGAP-MDNAC is affected.
Version 2.3.7.4 is affected.
Version 2.3.7.4-AIRGAP is affected.
Version 2.3.7.4-AIRGAP-MDNAC is affected.
Version 2.3.7.5-AIRGAP is affected.
Version 2.3.7.5-VA is affected.
Version 2.3.5.6-AIRGAP is affected.
Version 2.3.5.6 is affected.
Version 2.3.5.6-AIRGAP-MDNAC is affected.
Version 2.3.7.6-AIRGAP is affected.
Version 2.3.7.6 is affected.
Version 2.3.7.6-VA is affected.
Version 2.3.5.5-70026-HF70 is affected.
Version 2.3.5.5-70026-HF51 is affected.
Version 2.3.5.6-70143-HF20 is affected.
Version 2.3.7.6-AIRGAP-MDNAC is affected.
Version 2.3.5.5-70026-HF52 is affected.
Version 2.3.5.5-70026-HF53 is affected.
Version 2.3.5.5-70026-HF71 is affected.
Version 2.3.7.7 is affected.
Version 2.3.7.7-VA is affected.
Version 2.3.7.7-AIRGAP is affected.
Version 2.3.7.7-AIRGAP-MDNAC is affected.
Version 2.3.5.5-70026-HF72 is affected.

Exploit Probability

EPSS

0.25%

Percentile

47.59%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.