CVE-2025-20288

Severity CVSS v4.0:
Pending analysis
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
16/07/2025
Last modified:
22/07/2025

Description

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.<br /> <br /> This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cisco:unified_intelligence_center:10.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.0\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.6\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\)su:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_es05_et:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_et:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1:*:*:*:*:*:*:*