CVE-2025-20288

MEDIUM

Cisco Unified Intelligence Center - SSRF

Title source: llm
STIX 2.1

Description

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

References (1)

Core 1

Scores

CVSS v3 5.8
EPSS 0.0004
EPSS Percentile 11.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (50)
cisco/unified_contact_center_express 10.5\(1\)
cisco/unified_contact_center_express 10.5\(1\)su1
cisco/unified_contact_center_express 10.5\(1\)su1es10
cisco/unified_contact_center_express 10.6\(1\)
cisco/unified_contact_center_express 10.6\(1\)su1
cisco/unified_contact_center_express 10.6\(1\)su2
cisco/unified_contact_center_express 10.6\(1\)su2es04
cisco/unified_contact_center_express 10.6\(1\)su3
cisco/unified_contact_center_express 10.6\(1\)su3es01
cisco/unified_contact_center_express 10.6\(1\)su3es02
... and 40 more
Published Jul 16, 2025
Tracked Since Feb 18, 2026