CVE-2025-20206

Summary

A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client.

This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Secure Client4.9.00086affected
CiscoCisco Secure Client4.9.01095affected
CiscoCisco Secure Client4.9.02028affected
CiscoCisco Secure Client4.9.03047affected
CiscoCisco Secure Client4.9.03049affected
CiscoCisco Secure Client4.9.04043affected
CiscoCisco Secure Client4.9.04053affected
CiscoCisco Secure Client4.9.05042affected
CiscoCisco Secure Client4.9.06037affected
CiscoCisco Secure Client4.10.00093affected
CiscoCisco Secure Client4.10.01075affected
CiscoCisco Secure Client4.10.02086affected
CiscoCisco Secure Client4.10.03104affected
CiscoCisco Secure Client4.10.04065affected
CiscoCisco Secure Client4.10.04071affected
CiscoCisco Secure Client4.10.05085affected
CiscoCisco Secure Client4.10.05095affected
CiscoCisco Secure Client5.0.00238affected
CiscoCisco Secure Client4.10.05111affected
CiscoCisco Secure Client5.0.00529affected
CiscoCisco Secure Client5.0.00556affected
CiscoCisco Secure Client4.10.06079affected
CiscoCisco Secure Client5.0.01242affected
CiscoCisco Secure Client4.10.06090affected
CiscoCisco Secure Client5.0.02075affected
CiscoCisco Secure Client4.10.07061affected
CiscoCisco Secure Client5.0.03072affected
CiscoCisco Secure Client4.10.07062affected
CiscoCisco Secure Client5.0.03076affected
CiscoCisco Secure Client5.0.04032affected
CiscoCisco Secure Client4.10.07073affected
CiscoCisco Secure Client5.0.05040affected
CiscoCisco Secure Client5.1.0.136affected
CiscoCisco Secure Client5.1.1.42affected
CiscoCisco Secure Client4.10.08025affected
CiscoCisco Secure Client5.1.2.42affected
CiscoCisco Secure Client4.10.08029affected
CiscoCisco Secure Client5.1.3.62affected
CiscoCisco Secure Client5.1.4.74affected
CiscoCisco Secure Client5.1.5.65affected
CiscoCisco Secure Client5.1.6.103affected
CiscoCisco Secure Client5.1.7.80affected

Weaknesses

  • CWE-347: Improper Verification of Cryptographic Signature

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References