CVE-2025-20139
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Enterprise Chat and Email | 11.5(1) | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1) | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES4 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES5 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES6 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES10 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES11 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES7 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES8 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES9 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES9a | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES12 | affected |
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES12_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1) | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES4 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES5 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES5a | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES6 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES6_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES6_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES6_ET3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES7 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.0(1)_ES7_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1) | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES3_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES4 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES3_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES4_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES5 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES5_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES6 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES7 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES8 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES8_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES3_ET3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES5_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES6_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES4_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES7_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.5(1)_ES9 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1) | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ET3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES1_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES4 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES4_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES5 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES5_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES5_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES6 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES6_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES6_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES7 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES8 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES4_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES3_ET3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES2_ET5 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES1_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES8_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES7_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES6_ET3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES5_ET3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES8_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES9 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES9_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES9_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6(1)_ES9_ET3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6_ES2_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6_ES2_ET2 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6_ES2_ET3 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6_ES2_ET4 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6_ES3_ET1 | affected |
| Cisco | Cisco Enterprise Chat and Email | 12.6_ES3_ET2 | affected |
Weaknesses
- CWE-185: Incorrect Regular Expression
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.