CVE-2025-20377

CWE-200Information ExposureCWE-22Path TraversalCWE-434Unrestricted File Upload4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 87.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Cisco Packaged Contact Center EnterpriseCisco Cisco Unified Contact Center EnterpriseCisco Cisco Unified Contact Center Express+1 more
Timeline
PublishedNov 5

Description

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5cisco/cisco_unified_intelligence_center25 versions+24

🔴Vulnerability Details

2
CVEList
Cisco Unified Intelligence Center API Information Disclosure Vulnerability2025-11-05
GHSA
GHSA-46m8-44h2-g6m9: A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive informatio2025-11-05

📋Vendor Advisories

1
Cisco
Multiple Cisco Contact Center Products Vulnerabilities2025-11-05
CVE-2025-20377 (MEDIUM CVSS 4.3) | A vulnerability in the API subsyste | cvebase.io