CVE-2025-20345

Summary

A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file.

This vulnerability is due to insufficient masking of sensitive information before it is written to system log files. An attacker could exploit this vulnerability by accessing logs on an affected system. A successful exploit could allow the attacker to view sensitive information that should be restricted. 

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Duo Authentication Proxy2.4.2affected
CiscoCisco Duo Authentication Proxy2.4.3affected
CiscoCisco Duo Authentication Proxy2.4.4affected
CiscoCisco Duo Authentication Proxy2.4.5affected
CiscoCisco Duo Authentication Proxy2.4.6affected
CiscoCisco Duo Authentication Proxy2.4.7affected
CiscoCisco Duo Authentication Proxy2.4.8affected
CiscoCisco Duo Authentication Proxy2.4.9affected
CiscoCisco Duo Authentication Proxy2.4.10affected
CiscoCisco Duo Authentication Proxy2.4.11affected
CiscoCisco Duo Authentication Proxy2.4.12affected
CiscoCisco Duo Authentication Proxy2.4.13affected
CiscoCisco Duo Authentication Proxy2.4.14affected
CiscoCisco Duo Authentication Proxy2.4.14.1affected
CiscoCisco Duo Authentication Proxy2.4.15affected
CiscoCisco Duo Authentication Proxy2.4.16affected
CiscoCisco Duo Authentication Proxy2.4.17affected
CiscoCisco Duo Authentication Proxy2.4.18affected
CiscoCisco Duo Authentication Proxy2.4.19affected
CiscoCisco Duo Authentication Proxy2.4.20affected
CiscoCisco Duo Authentication Proxy2.4.21affected
CiscoCisco Duo Authentication Proxy2.5.4affected
CiscoCisco Duo Authentication Proxy2.6.0affected
CiscoCisco Duo Authentication Proxy2.7.0affected
CiscoCisco Duo Authentication Proxy2.8.1affected
CiscoCisco Duo Authentication Proxy2.9.0affected
CiscoCisco Duo Authentication Proxy2.10.0affected
CiscoCisco Duo Authentication Proxy2.10.1affected
CiscoCisco Duo Authentication Proxy2.11.0affected
CiscoCisco Duo Authentication Proxy2.12.0affected
CiscoCisco Duo Authentication Proxy2.12.1affected
CiscoCisco Duo Authentication Proxy2.13.0affected
CiscoCisco Duo Authentication Proxy2.14.0affected
CiscoCisco Duo Authentication Proxy3.0.0affected
CiscoCisco Duo Authentication Proxy3.1.0affected
CiscoCisco Duo Authentication Proxy3.1.1affected
CiscoCisco Duo Authentication Proxy3.2.0affected
CiscoCisco Duo Authentication Proxy3.2.1affected
CiscoCisco Duo Authentication Proxy3.2.2affected
CiscoCisco Duo Authentication Proxy3.2.3affected
CiscoCisco Duo Authentication Proxy3.2.4affected
CiscoCisco Duo Authentication Proxy4.0.0affected
CiscoCisco Duo Authentication Proxy4.0.1affected
CiscoCisco Duo Authentication Proxy4.0.2affected
CiscoCisco Duo Authentication Proxy5.0.0affected
CiscoCisco Duo Authentication Proxy5.0.1affected
CiscoCisco Duo Authentication Proxy5.0.2affected
CiscoCisco Duo Authentication Proxy5.1.0affected
CiscoCisco Duo Authentication Proxy5.1.1affected
CiscoCisco Duo Authentication Proxy5.2.0affected
CiscoCisco Duo Authentication Proxy5.2.1affected
CiscoCisco Duo Authentication Proxy5.2.2affected
CiscoCisco Duo Authentication Proxy5.3.0affected
CiscoCisco Duo Authentication Proxy5.3.1affected
CiscoCisco Duo Authentication Proxy5.4.0affected
CiscoCisco Duo Authentication Proxy5.4.1affected
CiscoCisco Duo Authentication Proxy5.5.0affected
CiscoCisco Duo Authentication Proxy5.5.1affected
CiscoCisco Duo Authentication Proxy5.6.0affected
CiscoCisco Duo Authentication Proxy5.6.1affected
CiscoCisco Duo Authentication Proxy5.7.0affected
CiscoCisco Duo Authentication Proxy5.7.1affected
CiscoCisco Duo Authentication Proxy5.7.2affected
CiscoCisco Duo Authentication Proxy5.7.3affected
CiscoCisco Duo Authentication Proxy5.7.4affected
CiscoCisco Duo Authentication Proxy5.8.0affected
CiscoCisco Duo Authentication Proxy5.8.1affected
CiscoCisco Duo Authentication Proxy6.0.0affected

Weaknesses

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References