CVE-2025-20377

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system.

Severity	MEDIUM
CVSS	4.3
CWE	CWE-200
KEV
Published	6 months ago
Modified	1 month ago

Related Products

Product	Advisory
Cisco Packaged Contact Center Enterprise	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Unified Contact Center Express	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Unified Contact Center Enterprise	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Unified Contact Center	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Unified Intelligence Center	cisco-sa-cc-mult-vuln-gK4TFXSn