CVE-2025-20112
Published: May 21, 2025
Modified: Feb 26, 2026
CVSS v3.1
5.1
Description
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.
| Vendor | Product | Versions |
|---|---|---|
Cisco | Cisco Emergency Responder | affected 12.5(1a)affected 12.5(1)SU1affected 12.5(1)affected 12.5(1)SU2affected 12.5(1)SU3+17 more versions |
Cisco | Cisco Finesse | affected 11.0(1)ES_Rollbackaffected 10.5(1)ES4affected 11.6(1)ES3affected 11.0(1)ES2affected 12.0(1)ES2+79 more versions |
Cisco | Cisco Prime Collaboration Deployment | affected 11.5(1)affected 11.0(1a)affected 11.5(1)SU1affected 10.5(3)affected 12.6(1)+18 more versions |
Cisco | Cisco SocialMiner | affected 12.5(1)ES01affected 10.5(1)affected 11.6(1)affected 10.6(1)affected 12.0(1)ES04+12 more versions |
Cisco | Cisco Unified Communications Manager | affected 12.5(1)SU2affected 12.5(1)SU1affected 12.5(1)affected 12.5(1)SU3affected 12.5(1)SU4+16 more versions |
Cisco | Cisco Unified Communications Manager IM and Presence Service | affected 12.5(1)affected 12.5(1)SU1affected 12.5(1)SU2affected 12.5(1)SU3affected 12.5(1)SU4+13 more versions |
Cisco | Cisco Unified Contact Center Express | affected 10.5(1)SU1affected 10.6(1)affected 11.6(1)affected 10.6(1)SU1affected 10.6(1)SU3+56 more versions |
Cisco | Cisco Unified Intelligence Center | affected 11.6(1)affected 10.5(1)affected 11.0(1)affected 11.5(1)affected 12.0(1)+17 more versions |
Cisco | Cisco Unity Connection | affected 12.5(1)affected 12.5(1)SU1affected 12.5(1)SU2affected 12.5(1)SU3affected 12.5(1)SU4+14 more versions |
Cisco | Cisco Virtualized Voice Browser | affected 11.0(1)affected 11.6(1)_ES84affected 11.5(1)_ES54affected 11.5(1)_ES27affected 11.5(1)+88 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now