CVE-2025-20113

Severity: High (CVSS 3.1 base score 7.1)
EPSS: 26.3%
Published: May 21, 2025
Last Modified: Jun 17, 2026

Description

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.

CVSS Details

Base Score: 7.1
Exploitability: 2.8
Impact: 4.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 26.3% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-602

Affected Products 73

Vendor  Product                         Version              Range
cisco   unified_intelligence_center     10.5\(1\)            any
cisco   unified_intelligence_center     11.0\(1\)            any
cisco   unified_intelligence_center     11.0\(2\)            any
cisco   unified_intelligence_center     11.0\(3\)            any
cisco   unified_intelligence_center     11.5\(1\)            any
cisco   unified_intelligence_center     11.6\(1\)            any
cisco   unified_intelligence_center     12.0\(1\)            any
cisco   unified_intelligence_center     12.5\(1\)            any
cisco   unified_intelligence_center     12.5\(1\)su          any
cisco   unified_intelligence_center     12.6\(1\)            any
cisco   unified_intelligence_center     12.6\(1\)_es05_et    any
cisco   unified_intelligence_center     12.6\(1\)_et         any
cisco   unified_intelligence_center     12.6\(2\)            any
cisco   unified_contact_center_express  8.5\(1\)             any
cisco   unified_contact_center_express  9.0\(2\)su3es04      any
cisco   unified_contact_center_express  10.0\(1\)su1         any
cisco   unified_contact_center_express  10.0\(1\)su1es04     any
cisco   unified_contact_center_express  10.5\(1\)            any
cisco   unified_contact_center_express  10.5\(1\)su1         any
cisco   unified_contact_center_express  10.5\(1\)su1es10     any
cisco   unified_contact_center_express  10.6\(1\)            any
cisco   unified_contact_center_express  10.6\(1\)su1         any
cisco   unified_contact_center_express  10.6\(1\)su2         any
cisco   unified_contact_center_express  10.6\(1\)su2es04     any
cisco   unified_contact_center_express  10.6\(1\)su3         any
cisco   unified_contact_center_express  10.6\(1\)su3es01     any
cisco   unified_contact_center_express  10.6\(1\)su3es02     any
cisco   unified_contact_center_express  10.6\(1\)su3es03     any
cisco   unified_contact_center_express  11.0\(1\)su1         any
cisco   unified_contact_center_express  11.0\(1\)su1es02     any
cisco   unified_contact_center_express  11.0\(1\)su1es03     any
cisco   unified_contact_center_express  11.5\(1\)es01        any
cisco   unified_contact_center_express  11.5\(1\)su1         any
cisco   unified_contact_center_express  11.5\(1\)su1es01     any
cisco   unified_contact_center_express  11.5\(1\)su1es02     any
cisco   unified_contact_center_express  11.5\(1\)su1es03     any
cisco   unified_contact_center_express  11.6\(1\)            any
cisco   unified_contact_center_express  11.6\(1\)es01        any
cisco   unified_contact_center_express  11.6\(1\)es02        any
cisco   unified_contact_center_express  11.6\(2\)            any
cisco   unified_contact_center_express  11.6\(2\)es01        any
cisco   unified_contact_center_express  11.6\(2\)es02        any
cisco   unified_contact_center_express  11.6\(2\)es03        any
cisco   unified_contact_center_express  11.6\(2\)es04        any
cisco   unified_contact_center_express  11.6\(2\)es05        any
cisco   unified_contact_center_express  11.6\(2\)es06        any
cisco   unified_contact_center_express  11.6\(2\)es07        any
cisco   unified_contact_center_express  11.6\(2\)es08        any
cisco   unified_contact_center_express  12.0\(1\)            any
cisco   unified_contact_center_express  12.0\(1\)es01        any
cisco   unified_contact_center_express  12.0\(1\)es02        any
cisco   unified_contact_center_express  12.0\(1\)es03        any
cisco   unified_contact_center_express  12.0\(1\)es04        any
cisco   unified_contact_center_express  12.5\(1\)            any
cisco   unified_contact_center_express  12.5\(1\)_su01_es01  any
cisco   unified_contact_center_express  12.5\(1\)_su01_es02  any
cisco   unified_contact_center_express  12.5\(1\)_su01_es03  any
cisco   unified_contact_center_express  12.5\(1\)_su02_es01  any
cisco   unified_contact_center_express  12.5\(1\)_su02_es02  any
cisco   unified_contact_center_express  12.5\(1\)_su02_es03  any
cisco   unified_contact_center_express  12.5\(1\)_su02_es04  any
cisco   unified_contact_center_express  12.5\(1\)_su03_es01  any
cisco   unified_contact_center_express  12.5\(1\)_su03_es02  any
cisco   unified_contact_center_express  12.5\(1\)_su03_es03  any
cisco   unified_contact_center_express  12.5\(1\)_su03_es04  any
cisco   unified_contact_center_express  12.5\(1\)_su03_es05  any
cisco   unified_contact_center_express  12.5\(1\)_su03_es06  any
cisco   unified_contact_center_express  12.5\(1\)es01        any
cisco   unified_contact_center_express  12.5\(1\)es02        any
cisco   unified_contact_center_express  12.5\(1\)es03        any
cisco   unified_contact_center_express  12.5\(1\)su1         any
cisco   unified_contact_center_express  12.5\(1\)su2         any
cisco   unified_contact_center_express  12.5\(1\)su3         any

References 1

  • Vendor Advisory (sec.cloudapps.cisco.com): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.