Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20129

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

Published

2025-06-04T17:15:25.407

Last Modified

2025-08-01T15:08:03.230

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	socialminer	10.5\(1\)	Yes
Application	cisco	socialminer	10.6\(1\)	Yes
Application	cisco	socialminer	10.6\(2\)	Yes
Application	cisco	socialminer	11.0\(1\)	Yes
Application	cisco	socialminer	11.5\(1\)	Yes
Application	cisco	socialminer	11.5\(1\)su1	Yes
Application	cisco	socialminer	11.6\(1\)	Yes
Application	cisco	socialminer	11.6\(2\)	Yes
Application	cisco	socialminer	12.0\(1\)	Yes
Application	cisco	socialminer	12.0\(1\)es02	Yes
Application	cisco	socialminer	12.0\(1\)es03	Yes
Application	cisco	socialminer	12.0\(1\)es04	Yes
Application	cisco	socialminer	12.5\(1\)	Yes
Application	cisco	socialminer	12.5\(1\)es01	Yes
Application	cisco	socialminer	12.5\(1\)su1	Yes
Application	cisco	socialminer	12.5\(1\)su2	Yes
Application	cisco	socialminer	12.5\(1\)su3	Yes
Application	cisco	unified_contact_center_express	8.5\(1\)	Yes
Application	cisco	unified_contact_center_express	9.0\(2\)su3es04	Yes
Application	cisco	unified_contact_center_express	10.0\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.0\(1\)su1es04	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1es10	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2es04	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es01	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es02	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es03	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es03	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es04	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es05	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es06	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es07	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es08	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es05	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es06	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su2	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su3	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd Vendor Advisory ([email protected])