CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.

Severity	MEDIUM
CVSS	4.3
EPSS	0.19% EPSS low
CWE	CWE-639
KEV
Published	1 year ago
Modified	10 months ago

Public Affected Products

Product	Advisory	Evidence
Cisco Unified Intelligence Center	cisco-sa-cuis-priv-esc-3Pk96SU4	Cisco CSAF · structured affected
Cisco Unified Contact Center Express	cisco-sa-cuis-priv-esc-3Pk96SU4	Cisco CSAF · structured affected