CVE-2025-20288

Published: Jul 16, 2025Modified: Jul 22, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

Affected (69)

Products: Cisco: Unified Intelligence Center, Unified Contact Center Express

Cisco

2 products

Unified Intelligence Center

Unified Contact Center Express

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Intelligence Center	Version 10.5(1)
Cisco Unified Intelligence Center	Version 11.0(1)
Cisco Unified Intelligence Center	Version 11.0(2)
Cisco Unified Intelligence Center	Version 11.0(3)
Cisco Unified Intelligence Center	Version 11.5(1)
Cisco Unified Intelligence Center	Version 11.6(1)
Cisco Unified Intelligence Center	Version 12.0(1)
Cisco Unified Intelligence Center	Version 12.5(1)
Cisco Unified Intelligence Center	Version 12.5(1)su
Cisco Unified Intelligence Center	Version 12.6(1)
Cisco Unified Intelligence Center	Version 12.6(1)_es05_et
Cisco Unified Intelligence Center	Version 12.6(1)_et
Cisco Unified Intelligence Center	Version 12.6(2)

Configuration B

56 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Contact Center Express	Version 10.5(1)
Cisco Unified Contact Center Express	Version 10.5(1)su1
Cisco Unified Contact Center Express	Version 10.5(1)su1es10
Cisco Unified Contact Center Express	Version 10.6(1)
Cisco Unified Contact Center Express	Version 10.6(1)su1
Cisco Unified Contact Center Express	Version 10.6(1)su2
Cisco Unified Contact Center Express	Version 10.6(1)su2es04
Cisco Unified Contact Center Express	Version 10.6(1)su3
Cisco Unified Contact Center Express	Version 10.6(1)su3es01
Cisco Unified Contact Center Express	Version 10.6(1)su3es02
Cisco Unified Contact Center Express	Version 10.6(1)su3es03
Cisco Unified Contact Center Express	Version 11.0(1)su1
Cisco Unified Contact Center Express	Version 11.0(1)su1es02
Cisco Unified Contact Center Express	Version 11.0(1)su1es03
Cisco Unified Contact Center Express	Version 11.5(1)es01
Cisco Unified Contact Center Express	Version 11.5(1)su1
Cisco Unified Contact Center Express	Version 11.5(1)su1es01
Cisco Unified Contact Center Express	Version 11.5(1)su1es02
Cisco Unified Contact Center Express	Version 11.5(1)su1es03
Cisco Unified Contact Center Express	Version 11.6(1)
Cisco Unified Contact Center Express	Version 11.6(1)es01
Cisco Unified Contact Center Express	Version 11.6(1)es02
Cisco Unified Contact Center Express	Version 11.6(2)
Cisco Unified Contact Center Express	Version 11.6(2)es01
Cisco Unified Contact Center Express	Version 11.6(2)es02
Cisco Unified Contact Center Express	Version 11.6(2)es03
Cisco Unified Contact Center Express	Version 11.6(2)es04
Cisco Unified Contact Center Express	Version 11.6(2)es05
Cisco Unified Contact Center Express	Version 11.6(2)es06
Cisco Unified Contact Center Express	Version 11.6(2)es07
Cisco Unified Contact Center Express	Version 11.6(2)es08
Cisco Unified Contact Center Express	Version 12.0(1)
Cisco Unified Contact Center Express	Version 12.0(1)es01
Cisco Unified Contact Center Express	Version 12.0(1)es02
Cisco Unified Contact Center Express	Version 12.0(1)es03
Cisco Unified Contact Center Express	Version 12.0(1)es04
Cisco Unified Contact Center Express	Version 12.5(1)
Cisco Unified Contact Center Express	Version 12.5(1)_su01_es01
Cisco Unified Contact Center Express	Version 12.5(1)_su01_es02
Cisco Unified Contact Center Express	Version 12.5(1)_su01_es03
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es01
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es02
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es03
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es04
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es01
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es02
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es03
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es04
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es05
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es06
Cisco Unified Contact Center Express	Version 12.5(1)es01
Cisco Unified Contact Center Express	Version 12.5(1)es02
Cisco Unified Contact Center Express	Version 12.5(1)es03
Cisco Unified Contact Center Express	Version 12.5(1)su1
Cisco Unified Contact Center Express	Version 12.5(1)su2
Cisco Unified Contact Center Express	Version 12.5(1)su3

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-ssrf-JSuDjeV

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.