CVE-2025-20113

CWE-602CWE-639Insecure Direct Object Reference4 documents4 sources
Severity
7.1HIGH
EPSS
0.2%
top 53.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Cisco Unified Contact Center ExpressCisco Cisco Unified Intelligence CenterCisco Unified Contact Center Express+1 more
Timeline
PublishedMay 21

Description

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete da

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages4 packages

CVEListV5cisco/cisco_unified_intelligence_center20 versions+19

🔴Vulnerability Details

2
CVEList
Cisco Unified Intelligence Center Privilege Escalation Vulnerability2025-05-21
GHSA
GHSA-435v-q3pr-69h4: A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limite2025-05-21

📋Vendor Advisories

1
Cisco
Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities2025-05-21
CVE-2025-20113 (HIGH CVSS 7.1) | A vulnerability in Cisco Unified In | cvebase.io