Privilege Escalation Vulnerability in Cisco Unified Intelligence Center
CVE-2025-20113

7.1HIGH

Key Information:

Vendor

Cisco
Status
Cisco Unified Contact Center Express
Cisco Unified Intelligence Center
Vendor
CVE Published:
21 May 2025

Badges

👾 Exploit Exists

What is CVE-2025-20113?

A vulnerability in Cisco Unified Intelligence Center allows an authenticated remote attacker to elevate privileges to the Administrator level for specific functions. This issue arises from inadequate server-side validation of user-supplied parameters in API or HTTP requests. By crafting malicious requests, an attacker may gain access to, modify, or delete data beyond their authorized level, which poses a risk of exposing sensitive information within the system.

Affected Version(s)

Cisco Unified Contact Center Express 10.6(1)

Cisco Unified Contact Center Express 10.5(1)SU1

Cisco Unified Contact Center Express 10.6(1)SU3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-20113 : Privilege Escalation Vulnerability in Cisco Unified Intelligence Center