Main Vulnerability Database Vulnerabilities #VU109645

#VU109645 Authorization bypass through user-controlled key in Cisco Unified Intelligence Center and Cisco Unified Contact Center Express - CVE-2025-20114

Published: May 22, 2025

Vulnerability identifier: #VU109645

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-20114

CWE-ID: CWE-639

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Unified Intelligence Center
Cisco Unified Contact Center Express

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied parameters in API requests. A remote user can perform insecure direct object reference attack and gain access to specific data that is associated with different users on the affected system.

Remediation

Install updates from vendor's website.

External links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4

#VU109645 Authorization bypass through user-controlled key in Cisco Unified Intelligence Center and Cisco Unified Contact Center Express - CVE-2025-20114

Description

Remediation

External links

Please verify you're human