August 7, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Atlassian Products Vulnerabilities
May 23, 2025Multiple IBM Aspera Faspex Vulnerabilities
May 23, 2025Multiple Atlassian Products Vulnerabilities
May 23, 2025Multiple IBM Aspera Faspex Vulnerabilities
May 23, 2025
Severity
Medium
Analysis Summary
CVE-2025-20113 CVSS:7.1
Cisco Unified Intelligence Center could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient server-side validation of user-supplied parameters in API or HTTP requests.
CVE-2025-20114 CVSS:4.3
Cisco Unified Intelligence Center could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient validation of user-supplied parameters in API requests.
CVE-2025-20112 CVSS:5.1
Cisco Unified Communications Products could allow a local authenticated attacker to gain elevated privileges on the system, caused by excessive permissions that have been assigned to system commands.
CVE-2025-20242 CVSS:6.5
Cisco Unified Contact Center Enterprise (CCE) could allow a remote attacker to read or modify data, caused by the lack of proper authentication controls.
Impact
- Data Manipulation
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-20113
CVE-2025-20114
CVE-2025-20112
CVE-2025-20242
Affected Vendors
- Cisco
Affected Products
- Cisco Unified Communications Manager Session Management Edition (SME)
- Cisco Unified Intelligence Center (CUIC)
- Cisco Unified Contact Center Enterprise (CCE)
- Cisco Unified Contact Center Express (Unified CCX)
- Cisco Virtualized Voice Browser
- Cisco Unified CCE Cloud Connect Release
Remediation
Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.