CVE-2025-20242
published 2025-05-21

CVE-2025-20242: A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and…

Priority: P272, critical, 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 5.01% (91.2th percentile)

A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
cisco | cisco_unified_contact_center_enterprise | |
cisco | unified_contact_center_enterprise | |
cisco | unified_contact_center_enterprise_cloud_connect | |

Detection & IOCs (extracted from sources)

  • Detect unauthenticated crafted TCP data sent to the specific port used by the Cisco Unified CCE Cloud Connect component, which lacks proper authentication controls
  • The advisory does not disclose the specific TCP port targeted by this vulnerability; defenders should monitor all TCP traffic to Cloud Connect component ports on Cisco Unified CCE devices for unauthenticated or anomalous connections.
  • There are no workarounds available; the only remediation is applying Cisco's software updates.
  • The vulnerability is rooted in a lack of proper authentication controls (CWE-284 Improper Access Control) in the Cloud Connect component of Cisco Unified CCE, allowing unauthenticated remote read and modify access.

CVSS provenance

nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vendor_cisco | 6.5 | MEDIUM