CVE-2025-20112
Severity
5.1 MEDIUM
EPSS
0.1%
top 78.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published May 21
Description
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privilege…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
Exploitability: 0.8 | Impact: 4.2