CVE-2025-1041

Published: Jun 10, 2025Modified: Jul 30, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.

Affected (2)

Products: Avaya: Call Management System

Avaya

1 product

Call Management System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Avaya Call Management System	From 18.0.0.1 to 19.2.0.7
Avaya Call Management System	From 20.0 to 20.0.1.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://support.avaya.com/css/public/documents/101093084

Source: securityalerts@avaya.com

Vendor Advisory

Timeline

No history available yet.