CVE-2025-20129

MEDIUM EPSS 21.8%
Published Jun 4, 2025 (1y ago) · Modified Jun 17, 2026 (2w ago)
5.4 CVSS 3.1
Medium

Description

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

CVSS Details

Base Score: 5.4
Exploitability: 2.8
Impact: 2.5
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 21.8% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)

Affected Products 77

| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | socialminer | 10.5(1) | any |
| cisco | socialminer | 10.6(1) | any |
| cisco | socialminer | 10.6(2) | any |
| cisco | socialminer | 11.0(1) | any |
| cisco | socialminer | 11.5(1) | any |
| cisco | socialminer | 11.5(1)su1 | any |
| cisco | socialminer | 11.6(1) | any |
| cisco | socialminer | 11.6(2) | any |
| cisco | socialminer | 12.0(1) | any |
| cisco | socialminer | 12.0(1)es02 | any |
| cisco | socialminer | 12.0(1)es03 | any |
| cisco | socialminer | 12.0(1)es04 | any |
| cisco | socialminer | 12.5(1) | any |
| cisco | socialminer | 12.5(1)es01 | any |
| cisco | socialminer | 12.5(1)su1 | any |
| cisco | socialminer | 12.5(1)su2 | any |
| cisco | socialminer | 12.5(1)su3 | any |
| cisco | unified_contact_center_express | 8.5(1) | any |
| cisco | unified_contact_center_express | 9.0(2)su3es04 | any |
| cisco | unified_contact_center_express | 10.0(1)su1 | any |
| cisco | unified_contact_center_express | 10.0(1)su1es04 | any |
| cisco | unified_contact_center_express | 10.5(1) | any |
| cisco | unified_contact_center_express | 10.5(1)su1 | any |
| cisco | unified_contact_center_express | 10.5(1)su1es10 | any |
| cisco | unified_contact_center_express | 10.6(1) | any |
| cisco | unified_contact_center_express | 10.6(1)su1 | any |
| cisco | unified_contact_center_express | 10.6(1)su2 | any |
| cisco | unified_contact_center_express | 10.6(1)su2es04 | any |
| cisco | unified_contact_center_express | 10.6(1)su3 | any |
| cisco | unified_contact_center_express | 10.6(1)su3es01 | any |
| cisco | unified_contact_center_express | 10.6(1)su3es02 | any |
| cisco | unified_contact_center_express | 10.6(1)su3es03 | any |
| cisco | unified_contact_center_express | 11.0(1)su1 | any |
| cisco | unified_contact_center_express | 11.0(1)su1es02 | any |
| cisco | unified_contact_center_express | 11.0(1)su1es03 | any |
| cisco | unified_contact_center_express | 11.5(1)es01 | any |
| cisco | unified_contact_center_express | 11.5(1)su1 | any |
| cisco | unified_contact_center_express | 11.5(1)su1es01 | any |
| cisco | unified_contact_center_express | 11.5(1)su1es02 | any |
| cisco | unified_contact_center_express | 11.5(1)su1es03 | any |
| cisco | unified_contact_center_express | 11.6(1) | any |
| cisco | unified_contact_center_express | 11.6(1)es01 | any |
| cisco | unified_contact_center_express | 11.6(1)es02 | any |
| cisco | unified_contact_center_express | 11.6(2) | any |
| cisco | unified_contact_center_express | 11.6(2)es01 | any |
| cisco | unified_contact_center_express | 11.6(2)es02 | any |
| cisco | unified_contact_center_express | 11.6(2)es03 | any |
| cisco | unified_contact_center_express | 11.6(2)es04 | any |
| cisco | unified_contact_center_express | 11.6(2)es05 | any |
| cisco | unified_contact_center_express | 11.6(2)es06 | any |
| cisco | unified_contact_center_express | 11.6(2)es07 | any |
| cisco | unified_contact_center_express | 11.6(2)es08 | any |
| cisco | unified_contact_center_express | 12.0(1) | any |
| cisco | unified_contact_center_express | 12.0(1)es01 | any |
| cisco | unified_contact_center_express | 12.0(1)es02 | any |
| cisco | unified_contact_center_express | 12.0(1)es03 | any |
| cisco | unified_contact_center_express | 12.0(1)es04 | any |
| cisco | unified_contact_center_express | 12.5(1) | any |
| cisco | unified_contact_center_express | 12.5(1)_su01_es01 | any |
| cisco | unified_contact_center_express | 12.5(1)_su01_es02 | any |
| cisco | unified_contact_center_express | 12.5(1)_su01_es03 | any |
| cisco | unified_contact_center_express | 12.5(1)_su02_es01 | any |
| cisco | unified_contact_center_express | 12.5(1)_su02_es02 | any |
| cisco | unified_contact_center_express | 12.5(1)_su02_es03 | any |
| cisco | unified_contact_center_express | 12.5(1)_su02_es04 | any |
| cisco | unified_contact_center_express | 12.5(1)_su03_es01 | any |
| cisco | unified_contact_center_express | 12.5(1)_su03_es02 | any |
| cisco | unified_contact_center_express | 12.5(1)_su03_es03 | any |
| cisco | unified_contact_center_express | 12.5(1)_su03_es04 | any |
| cisco | unified_contact_center_express | 12.5(1)_su03_es05 | any |
| cisco | unified_contact_center_express | 12.5(1)_su03_es06 | any |
| cisco | unified_contact_center_express | 12.5(1)es01 | any |
| cisco | unified_contact_center_express | 12.5(1)es02 | any |
| cisco | unified_contact_center_express | 12.5(1)es03 | any |
| cisco | unified_contact_center_express | 12.5(1)su1 | any |
| cisco | unified_contact_center_express | 12.5(1)su2 | any |
| cisco | unified_contact_center_express | 12.5(1)su3 | any |

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.