Rewterz

Multiple Atlassian Products Vulnerabilities

May 23, 2025
Rewterz

Multiple IBM Aspera Faspex Vulnerabilities

May 23, 2025

Multiple Cisco Unified Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-20113 CVSS:7.1

Cisco Unified Intelligence Center could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient server-side validation of user-supplied parameters in API or HTTP requests.

CVE-2025-20114 CVSS:4.3

Cisco Unified Intelligence Center could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient validation of user-supplied parameters in API requests.

CVE-2025-20112 CVSS:5.1

Cisco Unified Communications Products could allow a local authenticated attacker to gain elevated privileges on the system, caused by excessive permissions that have been assigned to system commands.

CVE-2025-20242 CVSS:6.5

Cisco Unified Contact Center Enterprise (CCE) could allow a remote attacker to read or modify data, caused by the lack of proper authentication controls.

Impact

  • Data Manipulation
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2025-20113

  • CVE-2025-20114

  • CVE-2025-20112

  • CVE-2025-20242

Affected Vendors

  • Cisco

Affected Products

  • Cisco Unified Communications Manager Session Management Edition (SME)
  • Cisco Unified Intelligence Center (CUIC)
  • Cisco Unified Contact Center Enterprise (CCE)
  • Cisco Unified Contact Center Express (Unified CCX)
  • Cisco Virtualized Voice Browser
  • Cisco Unified CCE Cloud Connect Release

Remediation

Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-20113

CVE-2025-20114

CVE-2025-20112

CVE-2025-20242

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.