Privilege Chaining in Cisco Systems, Inc products - CVE-2025-20112

 


Published: May 22, 2025


Vulnerability identifier: #VU109651
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-20112
CWE-ID: CWE-268
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Customer Collaboration Platform (CCP)
Cisco Emergency Responder
Cisco Finesse
Cisco Unified Communications Manager IM & Presence Service
Cisco Prime Collaboration Deployment
Cisco Unified Communications Manager
Cisco Unified Contact Center Express
Cisco Unified Intelligence Center
Cisco Unity Connection
Cisco Virtualized Voice Browser

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to excessive permissions that have been assigned to system commands. A local administrator can gain root privileges on the underlying operating system.


How to mitigate CVE-2025-20112

Install updates from the vendor's website.
