CVE-2025-1041

Summary

An improper input validation discovered in

Avaya Call Management System could allow an unauthorized

remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.

Affected Software

VendorProductVersion RangeStatus
AvayaAvaya Call Management System18.0 < 19.2.0.7affected
AvayaAvaya Call Management System20.0 < 20.0.1.0affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References