Request a Demo
Rewterz
GCleaner Malware – Active IOCs
July 3, 2025
Rewterz
Critical Cisco Unified CM Flaw Allows Unauthorized Root Access
July 3, 2025

Multiple Cisco Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-20307 CVSS:4.8

Cisco BroadWorks Application Delivery Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2025-20308 CVSS:6

Cisco Spaces Connector could allow a local authenticated attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root, caused by insufficient restrictions during the execution of specific CLI commands. By logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters, an attacker could exploit this vulnerability to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.

CVE-2025-20309 CVSS:10

Cisco Unified Communications Manager contains a default account, caused by the presence of static user credentials for the root account that are reserved for use during development. A remote attacker could exploit this vulnerability to log in to an affected system and execute arbitrary commands as the root user.

CVE-2025-20310 CVSS:6.1

Cisco Enterprise Chat and Email (ECE) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web UI. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Impact

  • Cross-Site Scripting
  • Privilege Escalation
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-20307

  • CVE-2025-20308

  • CVE-2025-20309

  • CVE-2025-20310

Affected Vendors

  • Cisco

Affected Products

  • Cisco BroadWorks
  • Cisco DNA Spaces Connector
  • Cisco Unified Communications Manager Session Management Edition Engineering Special 15.0.1.13010-1
  • Cisco Enterprise Chat and Email 11.6(1)_ES3
  • Cisco Enterprise Chat and Email 11.6(1)_ES4
  • Cisco Enterprise Chat and Email 12.0(1)_ES6
  • Cisco Enterprise Chat and Email 11.6(1)_ES8

Remediation

Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-20307

CVE-2025-20308

CVE-2025-20309

CVE-2025-20310