Privilege Escalation Vulnerability in Cisco Unified Intelligence Center
CVE-2025-20113

7.1HIGH

Key Information:

Vendor: Cisco
Status: Cisco Unified Contact Center Express; Cisco Unified Intelligence Center
Vendor: CVE Published:; 21 May 2025

Badges

👾 Exploit Exists

What is CVE-2025-20113?

A vulnerability in Cisco Unified Intelligence Center allows an authenticated remote attacker to elevate privileges to the Administrator level for specific functions. This issue arises from inadequate server-side validation of user-supplied parameters in API or HTTP requests. By crafting malicious requests, an attacker may gain access to, modify, or delete data beyond their authorized level, which poses a risk of exposing sensitive information within the system.

Affected Version(s)

Cisco Unified Contact Center Express 10.6(1)

Cisco Unified Contact Center Express 10.5(1)SU1

Cisco Unified Contact Center Express 10.6(1)SU3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 21, 2025
Vulnerability published
May 21, 2025
Vulnerability Reserved
Oct 10, 2024