1. Home
  2. CVE Database
  3. CVE-2025-20114
MEDIUM · 4.3

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnera...

Vulnerability Description

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoUnified Intelligence Center10.5\(1\)
CiscoUnified Contact Center Express8.5\(1\)

Related Weaknesses (CWE)

CWE-639

References

FAQ

What is CVE-2025-20114?

CVE-2025-20114 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnera...

How severe is CVE-2025-20114?

CVE-2025-20114 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-20114?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Intelligence Center, Cisco Unified Contact Center Express.