{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T13:30:14.387","vulnerabilities":[{"cve":{"id":"CVE-2025-20317","sourceIdentifier":"psirt@cisco.com","published":"2025-08-27T17:15:36.140","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.\r\n\r\nThis vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."},{"lang":"es","value":"Una vulnerabilidad en la gestión de la conexión de Virtual Keyboard Video Monitor (vKVM) de Cisco Integrated Management Controller (IMC) podría permitir que un atacante remoto no autenticado redirija a un usuario a un sitio web malicioso. Esta vulnerabilidad se debe a una verificación insuficiente de los endpoints vKVM. Un atacante podría explotar esta vulnerabilidad persuadiendo al usuario a hacer clic en un enlace manipulado. Una explotación exitosa podría permitirle redirigir a un usuario a una página web maliciosa y, potencialmente, obtener sus credenciales. Nota: El cliente vKVM afectado también está incluido en Cisco UCS Manager."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK","source":"psirt@cisco.com"}]}}]}