CVE-2025-20129

Summary

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.

This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco SocialMiner12.5(1)ES01affected
CiscoCisco SocialMiner10.5(1)affected
CiscoCisco SocialMiner11.6(1)affected
CiscoCisco SocialMiner10.6(1)affected
CiscoCisco SocialMiner12.0(1)ES04affected
CiscoCisco SocialMiner10.6(2)affected
CiscoCisco SocialMiner12.5(1)affected
CiscoCisco SocialMiner11.6(2)affected
CiscoCisco SocialMiner12.0(1)affected
CiscoCisco SocialMiner12.0(1)ES02affected
CiscoCisco SocialMiner11.0(1)affected
CiscoCisco SocialMiner11.5(1)affected
CiscoCisco SocialMiner11.5(1)SU1affected
CiscoCisco SocialMiner12.0(1)ES03affected
CiscoCisco SocialMiner12.5(1)SU3affected
CiscoCisco SocialMiner12.5(1)SU1affected
CiscoCisco SocialMiner12.5(1)SU2affected
CiscoCisco Unified Contact Center Express10.6(1)affected
CiscoCisco Unified Contact Center Express10.5(1)SU1affected
CiscoCisco Unified Contact Center Express10.6(1)SU3affected
CiscoCisco Unified Contact Center Express12.0(1)affected
CiscoCisco Unified Contact Center Express10.0(1)SU1affected
CiscoCisco Unified Contact Center Express10.6(1)SU1affected
CiscoCisco Unified Contact Center Express11.0(1)SU1affected
CiscoCisco Unified Contact Center Express11.5(1)SU1affected
CiscoCisco Unified Contact Center Express10.5(1)affected
CiscoCisco Unified Contact Center Express11.6(1)affected
CiscoCisco Unified Contact Center Express11.6(2)affected
CiscoCisco Unified Contact Center Express12.5(1)affected
CiscoCisco Unified Contact Center Express12.5(1)SU1affected
CiscoCisco Unified Contact Center Express12.5(1)SU2affected
CiscoCisco Unified Contact Center Express12.5(1)SU3affected
CiscoCisco Unified Contact Center Express12.5(1)_SU03_ES01affected
CiscoCisco Unified Contact Center Express12.5(1)_SU03_ES02affected
CiscoCisco Unified Contact Center Express12.5(1)_SU02_ES03affected
CiscoCisco Unified Contact Center Express12.5(1)_SU02_ES04affected
CiscoCisco Unified Contact Center Express12.5(1)_SU02_ES02affected
CiscoCisco Unified Contact Center Express12.5(1)_SU01_ES02affected
CiscoCisco Unified Contact Center Express12.5(1)_SU01_ES03affected
CiscoCisco Unified Contact Center Express12.5(1)_SU02_ES01affected
CiscoCisco Unified Contact Center Express11.6(2)ES07affected
CiscoCisco Unified Contact Center Express11.6(2)ES08affected
CiscoCisco Unified Contact Center Express12.5(1)_SU01_ES01affected
CiscoCisco Unified Contact Center Express12.0(1)ES04affected
CiscoCisco Unified Contact Center Express12.5(1)ES02affected
CiscoCisco Unified Contact Center Express12.5(1)ES03affected
CiscoCisco Unified Contact Center Express11.6(2)ES06affected
CiscoCisco Unified Contact Center Express12.5(1)ES01affected
CiscoCisco Unified Contact Center Express12.0(1)ES03affected
CiscoCisco Unified Contact Center Express12.0(1)ES01affected
CiscoCisco Unified Contact Center Express11.6(2)ES05affected
CiscoCisco Unified Contact Center Express12.0(1)ES02affected
CiscoCisco Unified Contact Center Express11.6(2)ES04affected
CiscoCisco Unified Contact Center Express11.6(2)ES03affected
CiscoCisco Unified Contact Center Express11.6(2)ES02affected
CiscoCisco Unified Contact Center Express11.6(2)ES01affected
CiscoCisco Unified Contact Center Express10.6(1)SU3ES03affected
CiscoCisco Unified Contact Center Express11.0(1)SU1ES03affected
CiscoCisco Unified Contact Center Express10.6(1)SU3ES01affected
CiscoCisco Unified Contact Center Express10.5(1)SU1ES10affected
CiscoCisco Unified Contact Center Express10.0(1)SU1ES04affected
CiscoCisco Unified Contact Center Express11.5(1)SU1ES03affected
CiscoCisco Unified Contact Center Express11.6(1)ES02affected
CiscoCisco Unified Contact Center Express11.5(1)ES01affected
CiscoCisco Unified Contact Center Express9.0(2)SU3ES04affected
CiscoCisco Unified Contact Center Express10.6(1)SU2affected
CiscoCisco Unified Contact Center Express10.6(1)SU2ES04affected
CiscoCisco Unified Contact Center Express11.6(1)ES01affected
CiscoCisco Unified Contact Center Express10.6(1)SU3ES02affected
CiscoCisco Unified Contact Center Express11.5(1)SU1ES02affected
CiscoCisco Unified Contact Center Express11.5(1)SU1ES01affected
CiscoCisco Unified Contact Center Express8.5(1)affected
CiscoCisco Unified Contact Center Express11.0(1)SU1ES02affected
CiscoCisco Unified Contact Center Express12.5(1)_SU03_ES03affected
CiscoCisco Unified Contact Center Express12.5(1)_SU03_ES04affected
CiscoCisco Unified Contact Center Express12.5(1)_SU03_ES05affected
CiscoCisco Unified Contact Center Express12.5(1)_SU03_ES06affected

Weaknesses

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References