Local Privilege Escalation in Cisco Unified Communications and Contact Center Solutions
CVE-2025-20112
5.1 MEDIUM
What is CVE-2025-20112?
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products allows an authenticated, local attacker to escalate privileges to root. This issue arises from excessive permissions granted to system commands, enabling an attacker to execute crafted commands on the underlying operating system. Once exploited, the attacker can escape the restricted shell and gain root access. To carry out this attack successfully, the attacker must have administrative access to the ESXi hypervisor.
Affected Version(s)
Cisco Emergency Responder 12.5(1a)
Cisco Emergency Responder 12.5(1)SU1
Cisco Emergency Responder 12.5(1)