← Back

CVE-2025-20129

nvd nist
Published: Jun 4, 2025Modified: Aug 1, 2025

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

Affected (77)

Cisco
2 products
Socialminer
Unified Contact Center Express
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Socialminer
Version 10.5(1)
Socialminer
Version 10.6(1)
Socialminer
Version 10.6(2)
Socialminer
Version 11.0(1)
Socialminer
Version 11.5(1)
Socialminer
Version 11.5(1)su1
Socialminer
Version 11.6(1)
Socialminer
Version 11.6(2)
Socialminer
Version 12.0(1)
Socialminer
Version 12.0(1)es02
Socialminer
Version 12.0(1)es03
Socialminer
Version 12.0(1)es04
Socialminer
Version 12.5(1)
Socialminer
Version 12.5(1)es01
Socialminer
Version 12.5(1)su1
Socialminer
Version 12.5(1)su2
Socialminer
Version 12.5(1)su3
Configuration B
60 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Unified Contact Center Express
Version 10.0(1)su1
Unified Contact Center Express
Version 10.0(1)su1es04
Unified Contact Center Express
Version 10.5(1)
Unified Contact Center Express
Version 10.5(1)su1
Unified Contact Center Express
Version 10.5(1)su1es10
Unified Contact Center Express
Version 10.6(1)
Unified Contact Center Express
Version 10.6(1)su1
Unified Contact Center Express
Version 10.6(1)su2
Unified Contact Center Express
Version 10.6(1)su2es04
Unified Contact Center Express
Version 10.6(1)su3
Unified Contact Center Express
Version 10.6(1)su3es01
Unified Contact Center Express
Version 10.6(1)su3es02
Unified Contact Center Express
Version 10.6(1)su3es03
Unified Contact Center Express
Version 11.0(1)su1
Unified Contact Center Express
Version 11.0(1)su1es02
Unified Contact Center Express
Version 11.0(1)su1es03
Unified Contact Center Express
Version 11.5(1)es01
Unified Contact Center Express
Version 11.5(1)su1
Unified Contact Center Express
Version 11.5(1)su1es01
Unified Contact Center Express
Version 11.5(1)su1es02
Unified Contact Center Express
Version 11.5(1)su1es03
Unified Contact Center Express
Version 11.6(1)
Unified Contact Center Express
Version 11.6(1)es01
Unified Contact Center Express
Version 11.6(1)es02
Unified Contact Center Express
Version 11.6(2)
Unified Contact Center Express
Version 11.6(2)es01
Unified Contact Center Express
Version 11.6(2)es02
Unified Contact Center Express
Version 11.6(2)es03
Unified Contact Center Express
Version 11.6(2)es04
Unified Contact Center Express
Version 11.6(2)es05
Unified Contact Center Express
Version 11.6(2)es06
Unified Contact Center Express
Version 11.6(2)es07
Unified Contact Center Express
Version 11.6(2)es08
Unified Contact Center Express
Version 12.0(1)
Unified Contact Center Express
Version 12.0(1)es01
Unified Contact Center Express
Version 12.0(1)es02
Unified Contact Center Express
Version 12.0(1)es03
Unified Contact Center Express
Version 12.0(1)es04
Unified Contact Center Express
Version 12.5(1)
Unified Contact Center Express
Version 12.5(1)_su01_es01
Unified Contact Center Express
Version 12.5(1)_su01_es02
Unified Contact Center Express
Version 12.5(1)_su01_es03
Unified Contact Center Express
Version 12.5(1)_su02_es01
Unified Contact Center Express
Version 12.5(1)_su02_es02
Unified Contact Center Express
Version 12.5(1)_su02_es03
Unified Contact Center Express
Version 12.5(1)_su02_es04
Unified Contact Center Express
Version 12.5(1)_su03_es01
Unified Contact Center Express
Version 12.5(1)_su03_es02
Unified Contact Center Express
Version 12.5(1)_su03_es03
Unified Contact Center Express
Version 12.5(1)_su03_es04
Unified Contact Center Express
Version 12.5(1)_su03_es05
Unified Contact Center Express
Version 12.5(1)_su03_es06
Unified Contact Center Express
Version 12.5(1)es01
Unified Contact Center Express
Version 12.5(1)es02
Unified Contact Center Express
Version 12.5(1)es03
Unified Contact Center Express
Version 12.5(1)su1
Unified Contact Center Express
Version 12.5(1)su2
Unified Contact Center Express
Version 12.5(1)su3
Unified Contact Center Express
Version 8.5(1)
Unified Contact Center Express
Version 9.0(2)su3es04

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

Source: psirt@cisco.com
Vendor Advisory

Timeline

No history available yet.