CVE-2025-20129
BaseFortify
Publication date: 2025-06-04
Last updated on: 2025-08-01
Assigner: Cisco Systems, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | socialminer | 10.5\(1\) |
| cisco | socialminer | 10.6\(1\) |
| cisco | socialminer | 10.6\(2\) |
| cisco | socialminer | 11.0\(1\) |
| cisco | socialminer | 11.5\(1\) |
| cisco | socialminer | 11.5\(1\)su1 |
| cisco | socialminer | 11.6\(1\) |
| cisco | socialminer | 11.6\(2\) |
| cisco | socialminer | 12.0\(1\) |
| cisco | socialminer | 12.0\(1\)es02 |
| cisco | socialminer | 12.0\(1\)es03 |
| cisco | socialminer | 12.0\(1\)es04 |
| cisco | socialminer | 12.5\(1\) |
| cisco | socialminer | 12.5\(1\)es01 |
| cisco | socialminer | 12.5\(1\)su1 |
| cisco | socialminer | 12.5\(1\)su2 |
| cisco | socialminer | 12.5\(1\)su3 |
| cisco | unified_contact_center_express | 8.5\(1\) |
| cisco | unified_contact_center_express | 9.0\(2\)su3es04 |
| cisco | unified_contact_center_express | 10.0\(1\)su1 |
| cisco | unified_contact_center_express | 10.0\(1\)su1es04 |
| cisco | unified_contact_center_express | 10.5\(1\) |
| cisco | unified_contact_center_express | 10.5\(1\)su1 |
| cisco | unified_contact_center_express | 10.5\(1\)su1es10 |
| cisco | unified_contact_center_express | 10.6\(1\) |
| cisco | unified_contact_center_express | 10.6\(1\)su1 |
| cisco | unified_contact_center_express | 10.6\(1\)su2 |
| cisco | unified_contact_center_express | 10.6\(1\)su2es04 |
| cisco | unified_contact_center_express | 10.6\(1\)su3 |
| cisco | unified_contact_center_express | 10.6\(1\)su3es01 |
| cisco | unified_contact_center_express | 10.6\(1\)su3es02 |
| cisco | unified_contact_center_express | 10.6\(1\)su3es03 |
| cisco | unified_contact_center_express | 11.0\(1\)su1 |
| cisco | unified_contact_center_express | 11.0\(1\)su1es02 |
| cisco | unified_contact_center_express | 11.0\(1\)su1es03 |
| cisco | unified_contact_center_express | 11.5\(1\)es01 |
| cisco | unified_contact_center_express | 11.5\(1\)su1 |
| cisco | unified_contact_center_express | 11.5\(1\)su1es01 |
| cisco | unified_contact_center_express | 11.5\(1\)su1es02 |
| cisco | unified_contact_center_express | 11.5\(1\)su1es03 |
| cisco | unified_contact_center_express | 11.6\(1\) |
| cisco | unified_contact_center_express | 11.6\(1\)es01 |
| cisco | unified_contact_center_express | 11.6\(1\)es02 |
| cisco | unified_contact_center_express | 11.6\(2\) |
| cisco | unified_contact_center_express | 11.6\(2\)es01 |
| cisco | unified_contact_center_express | 11.6\(2\)es02 |
| cisco | unified_contact_center_express | 11.6\(2\)es03 |
| cisco | unified_contact_center_express | 11.6\(2\)es04 |
| cisco | unified_contact_center_express | 11.6\(2\)es05 |
| cisco | unified_contact_center_express | 11.6\(2\)es06 |
| cisco | unified_contact_center_express | 11.6\(2\)es07 |
| cisco | unified_contact_center_express | 11.6\(2\)es08 |
| cisco | unified_contact_center_express | 12.0\(1\) |
| cisco | unified_contact_center_express | 12.0\(1\)es01 |
| cisco | unified_contact_center_express | 12.0\(1\)es02 |
| cisco | unified_contact_center_express | 12.0\(1\)es03 |
| cisco | unified_contact_center_express | 12.0\(1\)es04 |
| cisco | unified_contact_center_express | 12.5\(1\) |
| cisco | unified_contact_center_express | 12.5\(1\)_su01_es01 |
| cisco | unified_contact_center_express | 12.5\(1\)_su01_es02 |
| cisco | unified_contact_center_express | 12.5\(1\)_su01_es03 |
| cisco | unified_contact_center_express | 12.5\(1\)_su02_es01 |
| cisco | unified_contact_center_express | 12.5\(1\)_su02_es02 |
| cisco | unified_contact_center_express | 12.5\(1\)_su02_es03 |
| cisco | unified_contact_center_express | 12.5\(1\)_su02_es04 |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es01 |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es02 |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es03 |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es04 |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es05 |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es06 |
| cisco | unified_contact_center_express | 12.5\(1\)es01 |
| cisco | unified_contact_center_express | 12.5\(1\)es02 |
| cisco | unified_contact_center_express | 12.5\(1\)es03 |
| cisco | unified_contact_center_express | 12.5\(1\)su1 |
| cisco | unified_contact_center_express | 12.5\(1\)su2 |
| cisco | unified_contact_center_express | 12.5\(1\)su3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the web-based chat interface of Cisco Customer Collaboration Platform (CCP). It is caused by improper sanitization of HTTP requests sent to the chat interface. An unauthenticated remote attacker can exploit this by sending specially crafted HTTP requests to a targeted user's chat interface on a vulnerable server. If successful, the attacker can redirect chat traffic to a server they control, allowing them to capture sensitive information. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can lead to sensitive chat information being redirected to and captured by an attacker-controlled server. This means that confidential or private data exchanged via the chat interface could be exposed to unauthorized parties, potentially leading to information disclosure and privacy breaches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific detection method or commands provided for identifying this vulnerability on your network or system. The vulnerability involves crafted HTTP requests targeting the web-based chat interface, but no detection tools or commands are mentioned.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Cisco Customer Collaboration Platform (CCP) to version 15.0(1) or later, where the vulnerability is fixed. No workarounds are available, so applying the fixed software version is the recommended mitigation. Additionally, consulting Cisco TAC or maintenance providers for upgrade assistance is advised. [1]