CVE-2025-20288
Severity CVSS v4.0:
Pending analysis
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
16/07/2025
Last modified:
22/07/2025
Description
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.<br />
<br />
This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.
Impact
Base Score 3.x
5.80
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:cisco:unified_intelligence_center:10.5\(1\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:11.0\(1\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:11.0\(2\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:11.0\(3\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:11.5\(1\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:11.6\(1\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:12.0\(1\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\)su:*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_es05_et:*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_et:*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:* | ||
cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page