Severity
Medium
Analysis Summary
CVE-2025-20113 CVSS:7.1
Cisco Unified Intelligence Center could allow a remote authenticated attacker to gain elevated privileges on the system because of insufficient server-side validation of user-supplied parameters in API or HTTP requests.
CVE-2025-20114 CVSS:4.3
Cisco Unified Intelligence Center could allow a remote authenticated attacker to gain elevated privileges on the system because of insufficient validation of user-supplied parameters in API requests.
CVE-2025-20112 CVSS:5.1
Cisco Unified Communications Products could allow a local authenticated attacker to gain elevated privileges on the system because excessive permissions have been assigned to system commands.
CVE-2025-20242 CVSS:6.5
Cisco Unified Contact Center Enterprise (CCE) could allow a remote attacker to read or modify data because it lacks proper authentication controls.
Impact
- Data Manipulation
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-20113
CVE-2025-20114
CVE-2025-20112
CVE-2025-20242
Affected Vendors
- Cisco
Affected Products
- Cisco Unified Communications Manager Session Management Edition (SME)
- Cisco Unified Intelligence Center (CUIC)
- Cisco Unified Contact Center Enterprise (CCE)
- Cisco Unified Contact Center Express (Unified CCX)
- Cisco Virtualized Voice Browser
- Cisco Unified CCE Cloud Connect Release
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.