CVE-2025-20113 (GCVE-0-2025-20113)
Vulnerability from cvelistv5 – Published: 2025-05-21 16:19 – Updated: 2025-05-22 03:55
VLAI?
Summary
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.
This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.
Severity ?
7.1 (High)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Unified Contact Center Express |
Affected:
10.6(1)
Affected: 10.5(1)SU1 Affected: 10.6(1)SU3 Affected: 12.0(1) Affected: 10.0(1)SU1 Affected: 10.6(1)SU1 Affected: 11.0(1)SU1 Affected: 11.5(1)SU1 Affected: 10.5(1) Affected: 11.6(1) Affected: 11.6(2) Affected: 12.5(1) Affected: 12.5(1)SU1 Affected: 12.5(1)SU2 Affected: 12.5(1)SU3 Affected: 12.5(1)_SU03_ES01 Affected: 12.5(1)_SU03_ES02 Affected: 12.5(1)_SU02_ES03 Affected: 12.5(1)_SU02_ES04 Affected: 12.5(1)_SU02_ES02 Affected: 12.5(1)_SU01_ES02 Affected: 12.5(1)_SU01_ES03 Affected: 12.5(1)_SU02_ES01 Affected: 11.6(2)ES07 Affected: 11.6(2)ES08 Affected: 12.5(1)_SU01_ES01 Affected: 12.0(1)ES04 Affected: 12.5(1)ES02 Affected: 12.5(1)ES03 Affected: 11.6(2)ES06 Affected: 12.5(1)ES01 Affected: 12.0(1)ES03 Affected: 12.0(1)ES01 Affected: 11.6(2)ES05 Affected: 12.0(1)ES02 Affected: 11.6(2)ES04 Affected: 11.6(2)ES03 Affected: 11.6(2)ES02 Affected: 11.6(2)ES01 Affected: 10.6(1)SU3ES03 Affected: 11.0(1)SU1ES03 Affected: 10.6(1)SU3ES01 Affected: 10.5(1)SU1ES10 Affected: 10.0(1)SU1ES04 Affected: 11.5(1)SU1ES03 Affected: 11.6(1)ES02 Affected: 11.5(1)ES01 Affected: 9.0(2)SU3ES04 Affected: 10.6(1)SU2 Affected: 10.6(1)SU2ES04 Affected: 11.6(1)ES01 Affected: 10.6(1)SU3ES02 Affected: 11.5(1)SU1ES02 Affected: 11.5(1)SU1ES01 Affected: 8.5(1) Affected: 11.0(1)SU1ES02 Affected: 12.5(1)_SU03_ES03 Affected: 12.5(1)_SU03_ES04 Affected: 12.5(1)_SU03_ES05 Affected: 12.5(1)_SU03_ES06 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T03:55:17.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES04"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES05"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES06"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Intelligence Center",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.6(1)_ES05_ET"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_504_Issue_ET"
},
{
"status": "affected",
"version": "12.6.1_ExcelIssue_ET"
},
{
"status": "affected",
"version": "12.6(2)_Permalink_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwk19536_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwm96922_ET"
},
{
"status": "affected",
"version": "12.5(2)ET_CSCwi79933"
},
{
"status": "affected",
"version": "12.6.2_CSCwn48501_ET"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\r\n\r\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T16:19:41.378Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cuis-priv-esc-3Pk96SU4",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
}
],
"source": {
"advisory": "cisco-sa-cuis-priv-esc-3Pk96SU4",
"defects": [
"CSCwk34893"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unified Intelligence Center Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20113",
"datePublished": "2025-05-21T16:19:41.378Z",
"dateReserved": "2024-10-10T19:15:13.210Z",
"dateUpdated": "2025-05-22T03:55:17.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-20113\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2025-05-21T17:15:55.620\",\"lastModified\":\"2025-07-22T14:41:12.307\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\\r\\n\\r\\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto autenticado eleve privilegios a Administrador para un conjunto limitado de funciones en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente del lado del servidor de los par\u00e1metros proporcionados por el usuario en las solicitudes API o HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud API o HTTP manipulada a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder, modificar o eliminar datos m\u00e1s all\u00e1 del \u00e1mbito de su nivel de acceso previsto, incluyendo la obtenci\u00f3n de informaci\u00f3n potencialmente confidencial almacenada en el sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-602\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:10.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5601C191-19B9-4CC3-94E0-AB144A6BD02C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D92445EF-1107-456D-8F03-44BA2A385383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F4F7BC5-E393-4C85-93ED-8F8DBD81A383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD658DE5-84D2-4527-AF25-09F31572C184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"060AFE51-F470-4B14-8D74-8B721129A37E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B59061B-ED98-47C6-A8CF-41CA11500AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF881F48-7268-4A06-A72B-FEE1BD58A193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84C52246-9E02-434A-8E41-76B21DB3F25C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.5\\\\(1\\\\)su:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42B2688A-4E07-4EA0-8304-E168FB672202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAE9043-E488-4FBE-8A60-377F71D5D126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(1\\\\)_es05_et:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45676746-8B75-4095-A4FF-9AC34CF0E72F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(1\\\\)_et:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D94589CB-61F9-474F-800A-5387FB4AEF9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A136173-603C-427A-AC03-76CBB6757C92\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:8.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED97AAD8-D02D-42AB-863A-7538A1F6D425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:9.0\\\\(2\\\\)su3es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1202DE4-CA67-424E-8379-2BC13630F0C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31854EAF-89B5-40BB-98E7-7EBB2E867C96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.0\\\\(1\\\\)su1es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE1194F1-9CF5-460E-AF26-FB7CDC1EE878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C277058-F33F-4E60-AE89-658CB6558D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\)su1es10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE358FF2-CB8A-4E0D-926E-ED151B585E52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F83A65-F3AC-4F6B-97A3-9FC582683BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A766B903-E6DB-4838-90A7-63918C9F8AD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1F0C70-E644-4DCA-93C2-6BCB331D08E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su2es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF54B434-E765-40B1-B12A-21FC7F415ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60839544-11E0-4381-A9AA-21D6FB403F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D8114CF-6689-4C97-BD5D-07CC8EEF35A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D90986B-64ED-44A1-9CF1-7C9FD27555FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"442E4715-5043-4BF7-8961-C8844A00A7B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\)su1es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\)su1es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C17A2AB-33B3-4089-A701-A29A4E55D667\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6FFA8B-248F-42C7-8A06-3F7E158386EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F529FE5-1DE8-43A5-88EE-0980D3A55BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"766350AF-1B2F-4DC0-9DA3-E17B45892163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"702E48CC-3858-491C-A328-5D9ADDDC8DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20CF8B80-28C0-407B-BA60-1B07694A3DFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59A30F7B-9756-40BD-89C1-60E2702CC806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(1\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29A15BB5-0725-4159-B387-74CFBF58F349\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82F5416D-0DF3-48BB-8A23-DBC2B0746195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"908E3B03-7248-44B4-B0DE-E3B3F7FA9555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1705F343-BF9D-4EBC-B833-64F03EDD7C27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"686F6450-99FC-4260-B9CE-B7F313464EFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93851C02-3E0A-41F1-82BB-24546A83E272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10E25C7A-42B4-40CE-A13B-0252C05FCFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A92970B-53FD-4ED6-95BC-FDC7BB6780CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE8E4137-3059-46B0-B241-2AA42A3D959E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30A8784D-B7A6-4F13-B89D-4ED910CC0576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B368DEE7-7639-4D46-997B-2F2409712CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B721320B-C72C-4550-B585-9F43439FAB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F18549-A002-4106-9740-6B641E0ECF8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFF4AD59-6A04-4473-84E0-D99D24D99BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9715BD0-F519-462E-ACF6-859B203638D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su01_es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB2C8F59-78F2-4E3A-8261-F4EF214F691A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su01_es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3117461-56A5-4957-8BE0-83F44B66AE3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su01_es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B279AE4-9CF7-49F1-A4C3-D8A6301EF136\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"860ACAB6-5CB9-468C-90C4-B7C8E9559D2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB2D8357-773D-492F-BC5B-F672C4D736A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D7EEFA-D04C-4769-8C62-B8B5902F79ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E31A16D3-3B40-42EA-BAC3-05A13082CED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21F08B08-23C1-4AD7-AD67-34D196C8470E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05AD3A80-2409-475E-87F5-430E51C53087\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49165652-275C-4AD9-9585-2F130989D404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4480EF1-226E-459E-B2F5-3985A219BBD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A408698-6123-4772-8D11-FE89EBB135D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F9AF5B-3670-4910-9AD8-C1FB90C7190B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78DAF852-5CA1-4D2B-948B-F0E9FB9DA973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83EDDAAF-0746-4851-B7E5-60E4ED039D02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BF183D9-CDF6-44D9-B529-F13666A3EE07\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20113\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-21T19:36:12.323340Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-21T19:36:14.637Z\"}}], \"cna\": {\"title\": \"Cisco Unified Intelligence Center Privilege Escalation Vulnerability\", \"source\": {\"defects\": [\"CSCwk34893\"], \"advisory\": \"cisco-sa-cuis-priv-esc-3Pk96SU4\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Contact Center Express\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.6(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(2)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES01\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES01\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES07\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES08\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES01\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES06\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES01\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES03\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES01\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES05\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES02\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES04\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES02\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES01\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES03\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1ES03\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES01\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1ES10\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1ES04\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(1)ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)ES01\"}, {\"status\": \"affected\", \"version\": \"9.0(2)SU3ES04\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU2\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU2ES04\"}, {\"status\": \"affected\", \"version\": \"11.6(1)ES01\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES01\"}, {\"status\": \"affected\", \"version\": \"8.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES05\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES06\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Intelligence Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.6(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(2)\"}, {\"status\": \"affected\", \"version\": \"12.6(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ET\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES05_ET\"}, {\"status\": \"affected\", \"version\": \"11.0(3)\"}, {\"status\": \"affected\", \"version\": \"12.6(2)\"}, {\"status\": \"affected\", \"version\": \"12.6(2)_504_Issue_ET\"}, {\"status\": \"affected\", \"version\": \"12.6.1_ExcelIssue_ET\"}, {\"status\": \"affected\", \"version\": \"12.6(2)_Permalink_ET\"}, {\"status\": \"affected\", \"version\": \"12.6.2_CSCwk19536_ET\"}, {\"status\": \"affected\", \"version\": \"12.6.2_CSCwm96922_ET\"}, {\"status\": \"affected\", \"version\": \"12.5(2)ET_CSCwi79933\"}, {\"status\": \"affected\", \"version\": \"12.6.2_CSCwn48501_ET\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4\", \"name\": \"cisco-sa-cuis-priv-esc-3Pk96SU4\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\\r\\n\\r\\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-602\", \"description\": \"Client-Side Enforcement of Server-Side Security\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-05-21T16:19:41.378Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-20113\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-22T03:55:17.134Z\", \"dateReserved\": \"2024-10-10T19:15:13.210Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-05-21T16:19:41.378Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…