CVE-2025-20377
A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system.
EPSS 0.05% · 17.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(1)ES1, 11.0, * |
| Cisco | Cisco Packaged Contact Center Enterprise | *, *, * |
| Cisco | Cisco Unified Intelligence Center | *, 11.6(1), 10.5(1) |
| Cisco | Cisco Unified Contact Center Express | *, *, * |
Exploit Intelligence
- cisco-sa-cc-mult-vuln-gK4TFXSn (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Nov 5, 2025 Coalition ESS Score
- Nov 5, 2025 CVE Published
- Nov 6, 2025 EPSS Score
- Nov 8, 2025 Coalition ESS Score
- Nov 11, 2025 EPSS Score
- Nov 14, 2025 Coalition ESS Score
- Nov 17, 2025 EPSS Score
- Nov 21, 2025 CVE Updated
- Nov 22, 2025 EPSS Score
- Nov 27, 2025 EPSS Score
- Dec 3, 2025 EPSS Score