CVE-2025-20377
Published: Nov 5, 2025
Modified: Nov 21, 2025
CVSS v3.1: 4.3
Description
A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system.
| Vendor | Product | Affected versions |
|---|---|---|
| Cisco | Cisco Packaged Contact Center Enterprise | 12.5(1), 11.0(1), 12.0(1), 11.0(2), 11.5(1), +10 more versions |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(1)ES3, 12.6(1)ES1, 12.6(1), 12.6(1)ES2, 12.6(1)SecurityPatch, +16 more versions |
| Cisco | Cisco Unified Contact Center Express | 10.5(1)SU1, 10.6(1), 11.6(1), 10.6(1)SU1, 10.6(1)SU3, +52 more versions |
| Cisco | Cisco Unified Intelligence Center | 11.6(1), 10.5(1), 11.0(1), 11.5(1), 12.0(1), +20 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None