#VU109651 Privilege Chaining in Cisco Systems, Inc products - CVE-2025-20112
Published: May 22, 2025
Vulnerability identifier: #VU109651
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-20112
CWE-ID: CWE-268
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Customer Collaboration Platform (CCP)
Cisco Emergency Responder
Cisco Finesse
Cisco Unified Communications Manager IM & Presence Service
Cisco Prime Collaboration Deployment
Cisco Unified Communications Manager
Cisco Unified Contact Center Express
Cisco Unified Intelligence Center
Cisco Unity Connection
Cisco Virtualized Voice Browser
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to excessive permissions that have been assigned to system commands. A local administrator can gain root privileges on the underlying operating system.
Remediation
Install updates from the vendor's website.