Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.

Published

2025-05-21T17:15:55.810

Last Modified

2025-07-22T14:41:40.413

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	unified_intelligence_center	10.5\(1\)	Yes
Application	cisco	unified_intelligence_center	11.0\(1\)	Yes
Application	cisco	unified_intelligence_center	11.0\(2\)	Yes
Application	cisco	unified_intelligence_center	11.0\(3\)	Yes
Application	cisco	unified_intelligence_center	11.5\(1\)	Yes
Application	cisco	unified_intelligence_center	11.6\(1\)	Yes
Application	cisco	unified_intelligence_center	12.0\(1\)	Yes
Application	cisco	unified_intelligence_center	12.5\(1\)	Yes
Application	cisco	unified_intelligence_center	12.5\(1\)su	Yes
Application	cisco	unified_intelligence_center	12.6\(1\)	Yes
Application	cisco	unified_intelligence_center	12.6\(1\)_es05_et	Yes
Application	cisco	unified_intelligence_center	12.6\(1\)_et	Yes
Application	cisco	unified_intelligence_center	12.6\(2\)	Yes
Application	cisco	unified_contact_center_express	8.5\(1\)	Yes
Application	cisco	unified_contact_center_express	9.0\(2\)su3es04	Yes
Application	cisco	unified_contact_center_express	10.0\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.0\(1\)su1es04	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1es10	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2es04	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es01	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es02	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es03	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es03	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es04	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es05	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es06	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es07	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es08	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es05	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es06	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su2	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su3	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4 Vendor Advisory ([email protected])