CVE-2025-20114Authorization Bypass Through User-Controlled Key in Cisco Unified Contact Center Express

CWE-639Authorization Bypass Through User-Controlled KeyCWE-602Client-Side Enforcement of Server-Side Security4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 59.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Unified Contact Center ExpressCisco Unified Intelligence CenterCisco Unified Contact Center Express+1 more
Timeline
PublishedMay 21

Description

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access spe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5cisco/cisco_unified_intelligence_center22 versions+21

🔴Vulnerability Details

2
GHSA
GHSA-9r82-ff34-6w3x: A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escala2025-05-21
CVEList
Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability2025-05-21

📋Vendor Advisories

1
Cisco
Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities2025-05-21
CVE-2025-20114 — Cisco vulnerability | cvebase