Local Privilege Escalation in Cisco Unified Communications and Contact Center Solutions
CVE-2025-20112

5.1 MEDIUM

Key Information:

👾 Exploit Exists

What is CVE-2025-20112?

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products allows an authenticated, local attacker to escalate privileges to root. This issue arises from excessive permissions granted to system commands, enabling an attacker to execute crafted commands on the underlying operating system. Once exploited, the attacker can escape the restricted shell and gain root access. To carry out this attack successfully, the attacker must have administrative access to the ESXi hypervisor.

Affected Version(s)

Cisco Emergency Responder 12.5(1a)

Cisco Emergency Responder 12.5(1)SU1

Cisco Emergency Responder 12.5(1)

CVSS V3.1

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
