Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20278

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

Published

2025-06-04T17:15:27.963

Last Modified

2025-07-31T15:02:05.967

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.0 (MEDIUM)

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	finesse	10.5\(1\)	Yes
Application	cisco	finesse	10.5\(1\)_es1	Yes
Application	cisco	finesse	10.5\(1\)_es2	Yes
Application	cisco	finesse	10.5\(1\)_es3	Yes
Application	cisco	finesse	10.5\(1\)_es4	Yes
Application	cisco	finesse	10.5\(1\)_es5	Yes
Application	cisco	finesse	10.5\(1\)_es6	Yes
Application	cisco	finesse	10.5\(1\)_es7	Yes
Application	cisco	finesse	10.5\(1\)_es8	Yes
Application	cisco	finesse	10.5\(1\)_es9	Yes
Application	cisco	finesse	10.5\(1\)_es10	Yes
Application	cisco	finesse	11.0\(1\)	Yes
Application	cisco	finesse	11.0\(1\)	Yes
Application	cisco	finesse	11.0\(1\)	Yes
Application	cisco	finesse	11.0\(1\)	Yes
Application	cisco	finesse	11.0\(1\)	Yes
Application	cisco	finesse	11.0\(1\)	Yes
Application	cisco	finesse	11.0\(1\)	Yes
Application	cisco	finesse	11.0\(1\)	Yes
Application	cisco	finesse	11.5\(1\)	Yes
Application	cisco	finesse	11.5\(1\)	Yes
Application	cisco	finesse	11.5\(1\)	Yes
Application	cisco	finesse	11.5\(1\)	Yes
Application	cisco	finesse	11.5\(1\)	Yes
Application	cisco	finesse	11.5\(1\)	Yes
Application	cisco	finesse	11.5\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)	Yes
Application	cisco	finesse	11.6\(1\)_fips	Yes
Application	cisco	finesse	12.0\(1\)	Yes
Application	cisco	finesse	12.0\(1\)	Yes
Application	cisco	finesse	12.0\(1\)	Yes
Application	cisco	finesse	12.0\(1\)	Yes
Application	cisco	finesse	12.0\(1\)	Yes
Application	cisco	finesse	12.0\(1\)	Yes
Application	cisco	finesse	12.0\(1\)	Yes
Application	cisco	finesse	12.0\(1\)	Yes
Application	cisco	finesse	12.0\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(1\)	Yes
Application	cisco	finesse	12.5\(2\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(1\)	Yes
Application	cisco	finesse	12.6\(2\)	Yes
Application	cisco	finesse	12.6\(2\)	Yes
Application	cisco	finesse	12.6\(2\)	Yes
Application	cisco	finesse	12.6\(2\)	Yes
Application	cisco	finesse	12.6\(2\)	Yes
Application	cisco	finesse	12.6\(2\)	Yes
Application	cisco	socialminer	10.5\(1\)	Yes
Application	cisco	socialminer	10.6\(1\)	Yes
Application	cisco	socialminer	10.6\(2\)	Yes
Application	cisco	socialminer	11.0\(1\)	Yes
Application	cisco	socialminer	11.5\(1\)	Yes
Application	cisco	socialminer	11.5\(1\)su1	Yes
Application	cisco	socialminer	11.6\(1\)	Yes
Application	cisco	socialminer	11.6\(2\)	Yes
Application	cisco	socialminer	12.0\(1\)	Yes
Application	cisco	socialminer	12.0\(1\)es02	Yes
Application	cisco	socialminer	12.0\(1\)es03	Yes
Application	cisco	socialminer	12.0\(1\)es04	Yes
Application	cisco	socialminer	12.5\(1\)	Yes
Application	cisco	socialminer	12.5\(1\)es01	Yes
Application	cisco	socialminer	12.5\(1\)su1	Yes
Application	cisco	socialminer	12.5\(1\)su2	Yes
Application	cisco	socialminer	12.5\(1\)su3	Yes
Application	cisco	unified_communications_manager	12.5\(1\)	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su1	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su2	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su3	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su4	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su5	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su6	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su7	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su7a	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su8	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su8a	Yes
Application	cisco	unified_communications_manager	12.5\(1\)su9	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su1	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su2	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su3	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su4	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su5	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su6	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su7	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su8	Yes
Application	cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su9	Yes
Application	cisco	unified_contact_center_express	8.5\(1\)	Yes
Application	cisco	unified_contact_center_express	9.0\(2\)su3es04	Yes
Application	cisco	unified_contact_center_express	10.0\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.0\(1\)su1es04	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1es10	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2es04	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es01	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es02	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es03	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es03	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es04	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es05	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es06	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es07	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es08	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es05	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es06	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su2	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su3	Yes
Application	cisco	unified_intelligence_center	< 12.6\(2\)es_04	Yes
Application	cisco	unity_connection	12.5\(1\)	Yes
Application	cisco	unity_connection	12.5\(1\)su1	Yes
Application	cisco	unity_connection	12.5\(1\)su2	Yes
Application	cisco	unity_connection	12.5\(1\)su3	Yes
Application	cisco	unity_connection	12.5\(1\)su4	Yes
Application	cisco	unity_connection	12.5\(1\)su5	Yes
Application	cisco	unity_connection	12.5\(1\)su6	Yes
Application	cisco	unity_connection	12.5\(1\)su7	Yes
Application	cisco	unity_connection	12.5\(1\)su8	Yes
Application	cisco	unity_connection	12.5\(1\)su8a	Yes
Application	cisco	unity_connection	12.5\(1\)su9	Yes
Application	cisco	virtualized_voice_browser	< 12.6\(2\)es06	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy Vendor Advisory ([email protected])