CVE-2025-20288

CWE-918 — Server-Side Request Forgery (SSRF)4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 97.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Unified Contact Center Express Cisco Cisco Unified Intelligence Center Cisco Unified Contact Center Express +1 more

Timeline

PublishedJul 16

Description

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are so…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDcisco/unified_intelligence_center13 versions+12

▶CVEListV5cisco/cisco_unified_intelligence_center22 versions+21

▶NVDcisco/unified_contact_center_express56 versions+55

▶CVEListV5cisco/cisco_unified_contact_center_express56 versions+55

🔴Vulnerability Details

CVEList

Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability↗2025-07-16

▶

GHSA

GHSA-gr52-482f-6whp: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct↗2025-07-16

▶

📋Vendor Advisories

Cisco

Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability↗2025-07-16

▶