CVE-2025-20377
BaseFortify
Publication date: 2025-11-05
Last updated on: 2025-11-06
Assigner: Cisco Systems, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | unified_intelligence_center | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the API subsystem of Cisco Unified Intelligence Center. Certain API endpoints do not properly validate the requests they receive, so an authenticated remote attacker with valid user credentials can send specially crafted requests to them. As a result, a low-privileged user could access sensitive information that should normally be restricted.
How can this vulnerability impact me?
If exploited, this vulnerability could allow a low-privileged user to view sensitive information on the affected system that they should not have access to. This could lead to unauthorized disclosure of confidential data, potentially compromising privacy and security within the organization.