CVE-2025-20345

4.9 MEDIUM

Published: August 20, 2025 Modified: April 15, 2026

Description

A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to system log files. An attacker could exploit this vulnerability by accessing logs on an affected system. A successful exploit could allow the attacker to view sensitive information that should be restricted. 

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820

Source: psirt@cisco.com

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

Source: psirt@cisco.com

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-authproxlog-SxczXQ63

Source: psirt@cisco.com

https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682

Source: psirt@cisco.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score

4.9 / 10.0

EPSS (Exploit Probability)

0.1%

32th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-200

Related CVEs

CVE-2026-7724 5.0

CVE-2026-7723 7.3

CVE-2026-7722 5.3

CVE-2026-7721 6.3

CVE-2026-7720 6.3