VDB
CVE-2025-20129
CVE-2025-20129
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.
EPSS 0.04% · 12.0th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
0.04%
12.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unified Contact Center Express | 11.5(1)ES01, 10.6(1), 10.6(1)SU3 |
| Cisco | Cisco SocialMiner | *, *, 12.5(1)ES01 |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es02, 12.5\(1\)_su03_es05, 12.5\(1\)_su03_es06 |
| cisco | socialminer | 12.5\(1\)su1, 12.5\(1\), 12.0\(1\)es04 |
Exploit Intelligence
- cisco-sa-ccp-info-disc-ZyGerQpd (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Jun 4, 2025 CVE Published
- Jun 4, 2025 CVE Updated
- Jun 5, 2025 EPSS Score
- Jun 16, 2025 EPSS Score
- Jun 19, 2025 Coalition ESS Score
- Jun 26, 2025 EPSS Score
- Jul 7, 2025 EPSS Score
- Jul 18, 2025 EPSS Score
- Jul 28, 2025 EPSS Score
- Aug 1, 2025 Coalition ESS Score
- Aug 8, 2025 EPSS Score