Cisco Catalyst Center RBAC Escalation via Read-Only Credentials
CVE-2025-20346 Published on November 13, 2025
Cisco Catalyst Center Privilege Escalation Vulnerability
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials.
This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
Vulnerability Analysis
CVE-2025-20346 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be no impact on confidentiality, no impact on integrity, and no impact on availability.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2025-20346
- Cisco DNA Center
- Cisco Catalyst Center
Affected Versions
Cisco Digital Network Architecture Center (DNA Center):
- Version 2.1.1.0 is affected.
- Version 2.1.1.3 is affected.
- Version 2.1.2.0 is affected.
- Version 2.1.2.3 is affected.
- Version 2.1.2.5 is affected.
- Version 2.2.1.0 is affected.
- Version 2.1.2.6 is affected.
- Version 2.2.2.0 is affected.
- Version 2.2.2.3 is affected.
- Version 2.1.2.7 is affected.
- Version 2.2.1.3 is affected.
- Version 2.2.3.0 is affected.
- Version 2.2.2.4 is affected.
- Version 2.2.2.5 is affected.
- Version 2.2.3.3 is affected.
- Version 2.2.2.7 is affected.
- Version 2.2.2.6 is affected.
- Version 2.2.2.8 is affected.
- Version 2.2.3.4 is affected.
- Version 2.3.2.1 is affected.
- Version 2.3.2.1-AIRGAP is affected.
- Version 2.3.2.1-AIRGAP-CA is affected.
- Version 2.2.3.5 is affected.
- Version 2.3.3.3 is affected.
- Version 2.3.3.1-AIRGAP is affected.
- Version 2.3.3.1 is affected.
- Version 2.3.2.3 is affected.
- Version 2.3.3.3-AIRGAP is affected.
- Version 2.2.2.9 is affected.
- Version 2.3.3.0-AIRGAP is affected.
- Version 2.3.3.4 is affected.
- Version 2.3.3.4-AIRGAP is affected.
- Version 2.3.3.4-AIRGAP-MDNAC is affected.
- Version 2.3.3.5 is affected.
- Version 2.3.3.5-AIRGAP is affected.
- Version 2.3.4.0-AIRGAP is affected.
- Version 2.3.4.3 is affected.
- Version 2.3.4.3-AIRGAP is affected.
- Version 2.3.3.6 is affected.
- Version 2.3.3.6-AIRGAP is affected.
- Version 2.3.3.6-AIRGAP-MDNAC is affected.
- Version 2.3.5.0-AIRGAP-MDNAC is affected.
- Version VA Launchpad 1.0.3 is affected.
- Version VA Launchpad 1.0.4 is affected.
- Version 2.3.3.7 is affected.
- Version 2.3.3.7-AIRGAP is affected.
- Version 2.3.3.7-AIRGAP-MDNAC is affected.
- Version 2.3.6.0 is affected.
- Version 2.3.3.6-70045-HF1 is affected.
- Version VA Launchpad 1.2.1 is affected.
- Version 2.3.3.7-72328-AIRGAP is affected.
- Version 2.3.3.7-72323 is affected.
- Version 2.3.3.7-72328-MDNAC is affected.
- Version 2.3.5.3 is affected.
- Version 2.3.5.3-AIRGAP-MDNAC is affected.
- Version 2.3.5.3-AIRGAP is affected.
- Version 2.3.6.0-AIRGAP is affected.
- Version VA Launchpad 1.3.0 is affected.
- Version VA Launchpad 1.5.0 is affected.
- Version 2.3.7.0 is affected.
- Version 2.3.7.0-AIRGAP is affected.
- Version 2.3.7.0-AIRGAP-MDNAC is affected.
- Version 2.3.7.0-VA is affected.
- Version 2.3.5.4-AIRGAP is affected.
- Version 2.3.5.4-AIRGAP-MDNAC is affected.
- Version VA Launchpad 1.6.0 is affected.
- Version 2.3.7.3 is affected.
- Version 2.3.7.3-AIRGAP is affected.
- Version 2.3.7.3-AIRGAP-MDNAC is affected.
- Version VA Launchpad 1.7.0 is affected.
- Version 2.3.5.5-AIRGAP is affected.
- Version 2.3.5.5 is affected.
- Version 2.3.5.5-AIRGAP-MDNAC is affected.
- Version 2.3.7.4 is affected.
- Version 2.3.7.4-AIRGAP is affected.
- Version 2.3.7.5-AIRGAP is affected.
- Version VA Launchpad 1.9.0 is affected.
- Version 2.3.5.6-AIRGAP is affected.
- Version 2.3.5.6-AIRGAP-MDNAC is affected.
- Version 1.0.0.0 is affected.
- Version Cisco CCGM 1.0.0.0 is affected.
- Version 2.3.7.6-AIRGAP is affected.
- Version 2.3.7.6 is affected.
- Version 2.3.7.6-VA is affected.
- Version 2.3.5.5-70026-HF70 is affected.
- Version 2.3.5.5-70026-HF51 is affected.
- Version 2.3.5.6-70143-HF20 is affected.
- Version 2.3.7.6-AIRGAP-MDNAC is affected.
- Version 2.3.5.5-70026-HF53 is affected.
- Version 2.3.5.5-70026-HF71 is affected.
- Version 2.3.7.7 is affected.
- Version 2.3.7.7-VA is affected.
- Version 2.3.7.7-AIRGAP is affected.
- Version 2.3.7.7-AIRGAP-MDNAC is affected.
- Version 2.3.7.9-VA is affected.
- Version 2.3.7.9 is affected.
- Version 2.3.7.9-AIRGAP is affected.
- Version 2.3.7.9-AIRGAP-MDNAC is affected.
- Version Cisco CCGM 1.1.1 is affected.
- Version 2.3.7.9-70301-GSMU10 is affected.
- Version 2.3.7.9-70301-SMU1 is affected.
- Version 2.3.7.9-75403-SMU10 is affected.
- Version 2.3.7.9-75403-GSMU10 is affected.
- Version Cisco CCGM 1.2.1 is affected.
- Version 2.3.5.3-EULA is affected.
- Version 2.3.7.9.75403.10-VA is affected.
- Version 0.0.0.0 is affected.
- Version 1.16.54 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.