Vendor scorecard
Cisco Duo
Cisco Duo security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: duo
Product families
1
Open in latest
2
Inferred — see methodology
Last disclosure
May 21, 2025
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Authentication ProxyIdentity & Access Managementauthentication_proxy, duo, network_gateway | 0 | 2 | 2.0.2MED |
02
Recent CVEs
1 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-20258(opens NVD record) | Medium | 5.4 | A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users. | May 21, 2025 |
0 CVEs · 1 product families