Local Privilege Escalation in Cisco Unified Communications and Contact Center Solutions
CVE-2025-20112

5.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Emergency Responder; Cisco Finesse; Cisco Prime Collaboration Deployment; Cisco Socialminer
Vendor: CVE Published:; 21 May 2025

Badges

👾 Exploit Exists

What is CVE-2025-20112?

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products allows an authenticated, local attacker to escalate privileges to root. This issue arises from excessive permissions granted to system commands, enabling an attacker to execute crafted commands on the underlying operating system. Once exploited, the attacker can escape the restricted shell and gain root access. To carry out this attack successfully, the attacker must have administrative access to the ESXi hypervisor.

Affected Version(s)

Cisco Emergency Responder 12.5(1a)

Cisco Emergency Responder 12.5(1)SU1

Cisco Emergency Responder 12.5(1)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 21, 2025
Vulnerability published
May 21, 2025
Vulnerability Reserved
Oct 10, 2024