CVE-2025-20261: Cisco IMC SSH Priv Escalation to Internal Services
CVE-2025-20261 Published on June 4, 2025
Cisco Integrated Management Controller Privilege Escalation Vulnerability
A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.
This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.
Vulnerability Analysis
CVE-2025-20261 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Restriction of Communication Channel to Intended Endpoints
The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
Products Associated with CVE-2025-20261
Want to know whenever a new CVE is published for Cisco Unified Computing System? stack.watch will email you.
Affected Versions
Cisco Unified Computing System (Managed):- Version 4.0(1a) is affected.
- Version 3.2(3n) is affected.
- Version 4.1(1a) is affected.
- Version 4.1(1b) is affected.
- Version 4.0(4h) is affected.
- Version 4.1(1c) is affected.
- Version 3.2(3k) is affected.
- Version 3.2(2c) is affected.
- Version 4.0(4e) is affected.
- Version 4.0(4g) is affected.
- Version 3.2(3i) is affected.
- Version 4.0(2e) is affected.
- Version 3.2(3g) is affected.
- Version 4.0(4a) is affected.
- Version 4.0(2d) is affected.
- Version 3.2(2d) is affected.
- Version 4.0(1b) is affected.
- Version 4.0(4f) is affected.
- Version 3.2(3h) is affected.
- Version 3.2(2f) is affected.
- Version 4.0(4c) is affected.
- Version 3.2(3a) is affected.
- Version 4.0(1c) is affected.
- Version 3.2(3d) is affected.
- Version 3.2(2b) is affected.
- Version 4.0(4b) is affected.
- Version 3.2(2e) is affected.
- Version 4.0(2b) is affected.
- Version 4.0(4d) is affected.
- Version 3.2(1d) is affected.
- Version 3.2(3e) is affected.
- Version 3.2(3l) is affected.
- Version 3.2(3b) is affected.
- Version 4.0(2a) is affected.
- Version 3.2(3j) is affected.
- Version 4.0(1d) is affected.
- Version 3.2(3o) is affected.
- Version 4.0(4i) is affected.
- Version 4.1(1d) is affected.
- Version 4.1(2a) is affected.
- Version 4.1(1e) is affected.
- Version 3.2(3p) is affected.
- Version 4.1(2b) is affected.
- Version 4.0(4k) is affected.
- Version 4.1(3a) is affected.
- Version 4.1(3b) is affected.
- Version 4.1(2c) is affected.
- Version 4.0(4l) is affected.
- Version 4.1(4a) is affected.
- Version 4.1(3c) is affected.
- Version 4.1(3d) is affected.
- Version 4.2(1c) is affected.
- Version 4.2(1d) is affected.
- Version 4.0(4m) is affected.
- Version 4.1(3e) is affected.
- Version 4.2(1f) is affected.
- Version 4.1(3f) is affected.
- Version 4.2(1i) is affected.
- Version 4.2(1k) is affected.
- Version 4.0(4n) is affected.
- Version 4.1(3h) is affected.
- Version 4.2(1l) is affected.
- Version 4.2(1m) is affected.
- Version 4.1(3i) is affected.
- Version 4.2(2a) is affected.
- Version 4.2(1n) is affected.
- Version 4.1(3j) is affected.
- Version 4.2(2c) is affected.
- Version 4.2(2d) is affected.
- Version 4.2(3b) is affected.
- Version 4.1(3k) is affected.
- Version 4.0(4o) is affected.
- Version 4.2(2e) is affected.
- Version 4.2(3d) is affected.
- Version 4.2(3e) is affected.
- Version 4.2(3g) is affected.
- Version 4.1(3l) is affected.
- Version 4.3(2b) is affected.
- Version 4.2(3h) is affected.
- Version 4.2(3i) is affected.
- Version 4.3(2c) is affected.
- Version 4.1(3m) is affected.
- Version 4.3(2e) is affected.
- Version 4.3(3a) is affected.
- Version 4.2(3j) is affected.
- Version 4.3(3c) is affected.
- Version 4.3(4a) is affected.
- Version 4.3(4b) is affected.
- Version 4.3(2f) is affected.
- Version 4.1(3n) is affected.
- Version 4.0(2g) is affected.
- Version 3.1(2i) is affected.
- Version 3.1(1d) is affected.
- Version 4.0(4i) is affected.
- Version 4.1(1c) is affected.
- Version 4.0(2c) is affected.
- Version 4.0(1e) is affected.
- Version 4.0(2h) is affected.
- Version 4.0(4h) is affected.
- Version 4.0(1h) is affected.
- Version 4.0(2l) is affected.
- Version 3.1(3g) is affected.
- Version 4.0(1.240) is affected.
- Version 4.0(2f) is affected.
- Version 4.0(1g) is affected.
- Version 4.0(2i) is affected.
- Version 3.1(3i) is affected.
- Version 4.0(4d) is affected.
- Version 4.1(1d) is affected.
- Version 3.1(3c) is affected.
- Version 4.0(4k) is affected.
- Version 3.1(2d) is affected.
- Version 3.1(3a) is affected.
- Version 3.1(3j) is affected.
- Version 4.0(2d) is affected.
- Version 4.1(1f) is affected.
- Version 4.0(4j) is affected.
- Version 4.0(2m) is affected.
- Version 4.0(2k) is affected.
- Version 4.0(1c) is affected.
- Version 4.0(4f) is affected.
- Version 4.0(4c) is affected.
- Version 3.1(3d) is affected.
- Version 3.1(2g) is affected.
- Version 3.1(2c) is affected.
- Version 4.0(1d) is affected.
- Version 3.1(2e) is affected.
- Version 4.0(1a) is affected.
- Version 4.0(1b) is affected.
- Version 3.1(3b) is affected.
- Version 4.0(4b) is affected.
- Version 3.1(2b) is affected.
- Version 4.0(4e) is affected.
- Version 3.1(3h) is affected.
- Version 4.0(4l) is affected.
- Version 4.1(1g) is affected.
- Version 4.1(2a) is affected.
- Version 4.0(2n) is affected.
- Version 4.1(1h) is affected.
- Version 3.1(3k) is affected.
- Version 4.1(2b) is affected.
- Version 4.0(2o) is affected.
- Version 4.0(4m) is affected.
- Version 4.1(2d) is affected.
- Version 4.1(3b) is affected.
- Version 4.0(2p) is affected.
- Version 4.1(2e) is affected.
- Version 4.1(2f) is affected.
- Version 4.0(4n) is affected.
- Version 4.0(2q) is affected.
- Version 4.1(3c) is affected.
- Version 4.0(2r) is affected.
- Version 4.1(3d) is affected.
- Version 4.1(2g) is affected.
- Version 4.1(2h) is affected.
- Version 4.1(3g) is affected.
- Version 4.1(3f) is affected.
- Version 4.1(2j) is affected.
- Version 4.1(2k) is affected.
- Version 4.1(3h) is affected.
- Version 4.2(2a) is affected.
- Version 4.1(3i) is affected.
- Version 4.1(3l) is affected.
- Version 4.2(1e) is affected.
- Version 4.2(1b) is affected.
- Version 4.2(1j) is affected.
- Version 4.2(1i) is affected.
- Version 4.2(1f) is affected.
- Version 4.2(1a) is affected.
- Version 4.2(1c) is affected.
- Version 4.2(1g) is affected.
- Version 4.1(2l) is affected.
- Version 4.1(3m) is affected.
- Version 4.1(2m) is affected.
- Version 4.1(3n) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.