CVE-2025-20129 - Vulnerability Details

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Socialminer Unified Contact Center Express

Configuration 1 [-]

OR	cpe:2.3:a:cisco:socialminer:10.5\(1\):::::::*
	cpe:2.3:a:cisco:socialminer:10.6\(1\):::::::*
	cpe:2.3:a:cisco:socialminer:10.6\(2\):::::::*
	cpe:2.3:a:cisco:socialminer:11.0\(1\):::::::*
	cpe:2.3:a:cisco:socialminer:11.5\(1\):::::::*
	cpe:2.3:a:cisco:socialminer:11.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:socialminer:11.6\(1\):::::::*
	cpe:2.3:a:cisco:socialminer:11.6\(2\):::::::*
	cpe:2.3:a:cisco:socialminer:12.0\(1\):::::::*
	cpe:2.3:a:cisco:socialminer:12.0\(1\)es02:::::::*
	cpe:2.3:a:cisco:socialminer:12.0\(1\)es03:::::::*
	cpe:2.3:a:cisco:socialminer:12.0\(1\)es04:::::::*
	cpe:2.3:a:cisco:socialminer:12.5\(1\):::::::*
	cpe:2.3:a:cisco:socialminer:12.5\(1\)es01:::::::*
	cpe:2.3:a:cisco:socialminer:12.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:socialminer:12.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:socialminer:12.5\(1\)su3:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:cisco:unified_contact_center_express:8.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:9.0\(2\)su3es04:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1es04:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1es10:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2es04:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es03:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es03:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es03:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es03:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es04:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es05:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es06:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es07:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es08:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es03:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es04:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es03:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es03:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es04:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es03:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es04:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es05:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es06:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es02:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es03:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su3:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd

History

Fri, 01 Aug 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco socialminer Cisco unified Contact Center Express
CPEs		cpe:2.3:a:cisco:socialminer:10.5\(1\):::::::* cpe:2.3:a:cisco:socialminer:10.6\(1\):::::::* cpe:2.3:a:cisco:socialminer:10.6\(2\):::::::* cpe:2.3:a:cisco:socialminer:11.0\(1\):::::::* cpe:2.3:a:cisco:socialminer:11.5\(1\):::::::* cpe:2.3:a:cisco:socialminer:11.5\(1\)su1:::::::* cpe:2.3:a:cisco:socialminer:11.6\(1\):::::::* cpe:2.3:a:cisco:socialminer:11.6\(2\):::::::* cpe:2.3:a:cisco:socialminer:12.0\(1\):::::::* cpe:2.3:a:cisco:socialminer:12.0\(1\)es02:::::::* cpe:2.3:a:cisco:socialminer:12.0\(1\)es03:::::::* cpe:2.3:a:cisco:socialminer:12.0\(1\)es04:::::::* cpe:2.3:a:cisco:socialminer:12.5\(1\):::::::* cpe:2.3:a:cisco:socialminer:12.5\(1\)es01:::::::* cpe:2.3:a:cisco:socialminer:12.5\(1\)su1:::::::* cpe:2.3:a:cisco:socialminer:12.5\(1\)su2:::::::* cpe:2.3:a:cisco:socialminer:12.5\(1\)su3:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1es04:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1es10:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su1:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2es04:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es03:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es03:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es03:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\):::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\):::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es03:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es04:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es05:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es06:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es07:::::::* cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es08:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\):::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es03:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es04:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es03:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es03:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es04:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es03:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es04:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es05:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es06:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es01:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es02:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es03:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su1:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su2:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su3:::::::* cpe:2.3:a:cisco:unified_contact_center_express:8.5\(1\):::::::* cpe:2.3:a:cisco:unified_contact_center_express:9.0\(2\)su3es04:::::::*
Vendors & Products		Cisco Cisco socialminer Cisco unified Contact Center Express

Wed, 04 Jun 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Jun 2025 16:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.
Title		Cisco Customer Collaboration Platform Information Disclosure Vulnerability
Weaknesses		CWE-200
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-06-04T16:17:27.318Z

Updated: 2025-06-04T18:20:18.190Z

Reserved: 2024-10-10T19:15:13.212Z

Link: CVE-2025-20129

Vulnrichment

Updated: 2025-06-04T18:13:21.469Z

NVD

Status : Analyzed

Published: 2025-06-04T17:15:25.407

Modified: 2025-08-01T15:08:03.230

Link: CVE-2025-20129

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20129", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.212Z", "datePublished": "2025-06-04T16:17:27.318Z", "dateUpdated": "2025-06-04T18:20:18.190Z"}, "containers": {"cna": {"title": "Cisco Customer Collaboration Platform Information Disclosure Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.\r\n\r\nThis vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd", "name": "cisco-sa-ccp-info-disc-ZyGerQpd"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ccp-info-disc-ZyGerQpd", "discovery": "EXTERNAL", "defects": ["CSCwh43988"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "type": "cwe", "cweId": "CWE-200"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco SocialMiner", "versions": [{"version": "12.5(1)ES01", "status": "affected"}, {"version": "10.5(1)", "status": "affected"}, {"version": "11.6(1)", "status": "affected"}, {"version": "10.6(1)", "status": "affected"}, {"version": "12.0(1)ES04", "status": "affected"}, {"version": "10.6(2)", "status": "affected"}, {"version": "12.5(1)", "status": "affected"}, {"version": "11.6(2)", "status": "affected"}, {"version": "12.0(1)", "status": "affected"}, {"version": "12.0(1)ES02", "status": "affected"}, {"version": "11.0(1)", "status": "affected"}, {"version": "11.5(1)", "status": "affected"}, {"version": "11.5(1)SU1", "status": "affected"}, {"version": "12.0(1)ES03", "status": "affected"}, {"version": "12.5(1)SU3", "status": "affected"}, {"version": "12.5(1)SU1", "status": "affected"}, {"version": "12.5(1)SU2", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Unified Contact Center Express", "versions": [{"version": "10.6(1)", "status": "affected"}, {"version": "10.5(1)SU1", "status": "affected"}, {"version": "10.6(1)SU3", "status": "affected"}, {"version": "12.0(1)", "status": "affected"}, {"version": "10.0(1)SU1", "status": "affected"}, {"version": "10.6(1)SU1", "status": "affected"}, {"version": "11.0(1)SU1", "status": "affected"}, {"version": "11.5(1)SU1", "status": "affected"}, {"version": "10.5(1)", "status": "affected"}, {"version": "11.6(1)", "status": "affected"}, {"version": "11.6(2)", "status": "affected"}, {"version": "12.5(1)", "status": "affected"}, {"version": "12.5(1)SU1", "status": "affected"}, {"version": "12.5(1)SU2", "status": "affected"}, {"version": "12.5(1)SU3", "status": "affected"}, {"version": "12.5(1)_SU03_ES01", "status": "affected"}, {"version": "12.5(1)_SU03_ES02", "status": "affected"}, {"version": "12.5(1)_SU02_ES03", "status": "affected"}, {"version": "12.5(1)_SU02_ES04", "status": "affected"}, {"version": "12.5(1)_SU02_ES02", "status": "affected"}, {"version": "12.5(1)_SU01_ES02", "status": "affected"}, {"version": "12.5(1)_SU01_ES03", "status": "affected"}, {"version": "12.5(1)_SU02_ES01", "status": "affected"}, {"version": "11.6(2)ES07", "status": "affected"}, {"version": "11.6(2)ES08", "status": "affected"}, {"version": "12.5(1)_SU01_ES01", "status": "affected"}, {"version": "12.0(1)ES04", "status": "affected"}, {"version": "12.5(1)ES02", "status": "affected"}, {"version": "12.5(1)ES03", "status": "affected"}, {"version": "11.6(2)ES06", "status": "affected"}, {"version": "12.5(1)ES01", "status": "affected"}, {"version": "12.0(1)ES03", "status": "affected"}, {"version": "12.0(1)ES01", "status": "affected"}, {"version": "11.6(2)ES05", "status": "affected"}, {"version": "12.0(1)ES02", "status": "affected"}, {"version": "11.6(2)ES04", "status": "affected"}, {"version": "11.6(2)ES03", "status": "affected"}, {"version": "11.6(2)ES02", "status": "affected"}, {"version": "11.6(2)ES01", "status": "affected"}, {"version": "10.6(1)SU3ES03", "status": "affected"}, {"version": "11.0(1)SU1ES03", "status": "affected"}, {"version": "10.6(1)SU3ES01", "status": "affected"}, {"version": "10.5(1)SU1ES10", "status": "affected"}, {"version": "10.0(1)SU1ES04", "status": "affected"}, {"version": "11.5(1)SU1ES03", "status": "affected"}, {"version": "11.6(1)ES02", "status": "affected"}, {"version": "11.5(1)ES01", "status": "affected"}, {"version": "9.0(2)SU3ES04", "status": "affected"}, {"version": "10.6(1)SU2", "status": "affected"}, {"version": "10.6(1)SU2ES04", "status": "affected"}, {"version": "11.6(1)ES01", "status": "affected"}, {"version": "10.6(1)SU3ES02", "status": "affected"}, {"version": "11.5(1)SU1ES02", "status": "affected"}, {"version": "11.5(1)SU1ES01", "status": "affected"}, {"version": "8.5(1)", "status": "affected"}, {"version": "11.0(1)SU1ES02", "status": "affected"}, {"version": "12.5(1)_SU03_ES03", "status": "affected"}, {"version": "12.5(1)_SU03_ES04", "status": "affected"}, {"version": "12.5(1)_SU03_ES05", "status": "affected"}, {"version": "12.5(1)_SU03_ES06", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-04T16:17:27.318Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-04T18:13:19.983909Z", "id": "CVE-2025-20129", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T18:20:18.190Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20129", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-04T18:13:19.983909Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T18:13:21.469Z"}}], "cna": {"title": "Cisco Customer Collaboration Platform Information Disclosure Vulnerability", "source": {"defects": ["CSCwh43988"], "advisory": "cisco-sa-ccp-info-disc-ZyGerQpd", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco SocialMiner", "versions": [{"status": "affected", "version": "12.5(1)ES01"}, {"status": "affected", "version": "10.5(1)"}, {"status": "affected", "version": "11.6(1)"}, {"status": "affected", "version": "10.6(1)"}, {"status": "affected", "version": "12.0(1)ES04"}, {"status": "affected", "version": "10.6(2)"}, {"status": "affected", "version": "12.5(1)"}, {"status": "affected", "version": "11.6(2)"}, {"status": "affected", "version": "12.0(1)"}, {"status": "affected", "version": "12.0(1)ES02"}, {"status": "affected", "version": "11.0(1)"}, {"status": "affected", "version": "11.5(1)"}, {"status": "affected", "version": "11.5(1)SU1"}, {"status": "affected", "version": "12.0(1)ES03"}, {"status": "affected", "version": "12.5(1)SU3"}, {"status": "affected", "version": "12.5(1)SU1"}, {"status": "affected", "version": "12.5(1)SU2"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Unified Contact Center Express", "versions": [{"status": "affected", "version": "10.6(1)"}, {"status": "affected", "version": "10.5(1)SU1"}, {"status": "affected", "version": "10.6(1)SU3"}, {"status": "affected", "version": "12.0(1)"}, {"status": "affected", "version": "10.0(1)SU1"}, {"status": "affected", "version": "10.6(1)SU1"}, {"status": "affected", "version": "11.0(1)SU1"}, {"status": "affected", "version": "11.5(1)SU1"}, {"status": "affected", "version": "10.5(1)"}, {"status": "affected", "version": "11.6(1)"}, {"status": "affected", "version": "11.6(2)"}, {"status": "affected", "version": "12.5(1)"}, {"status": "affected", "version": "12.5(1)SU1"}, {"status": "affected", "version": "12.5(1)SU2"}, {"status": "affected", "version": "12.5(1)SU3"}, {"status": "affected", "version": "12.5(1)_SU03_ES01"}, {"status": "affected", "version": "12.5(1)_SU03_ES02"}, {"status": "affected", "version": "12.5(1)_SU02_ES03"}, {"status": "affected", "version": "12.5(1)_SU02_ES04"}, {"status": "affected", "version": "12.5(1)_SU02_ES02"}, {"status": "affected", "version": "12.5(1)_SU01_ES02"}, {"status": "affected", "version": "12.5(1)_SU01_ES03"}, {"status": "affected", "version": "12.5(1)_SU02_ES01"}, {"status": "affected", "version": "11.6(2)ES07"}, {"status": "affected", "version": "11.6(2)ES08"}, {"status": "affected", "version": "12.5(1)_SU01_ES01"}, {"status": "affected", "version": "12.0(1)ES04"}, {"status": "affected", "version": "12.5(1)ES02"}, {"status": "affected", "version": "12.5(1)ES03"}, {"status": "affected", "version": "11.6(2)ES06"}, {"status": "affected", "version": "12.5(1)ES01"}, {"status": "affected", "version": "12.0(1)ES03"}, {"status": "affected", "version": "12.0(1)ES01"}, {"status": "affected", "version": "11.6(2)ES05"}, {"status": "affected", "version": "12.0(1)ES02"}, {"status": "affected", "version": "11.6(2)ES04"}, {"status": "affected", "version": "11.6(2)ES03"}, {"status": "affected", "version": "11.6(2)ES02"}, {"status": "affected", "version": "11.6(2)ES01"}, {"status": "affected", "version": "10.6(1)SU3ES03"}, {"status": "affected", "version": "11.0(1)SU1ES03"}, {"status": "affected", "version": "10.6(1)SU3ES01"}, {"status": "affected", "version": "10.5(1)SU1ES10"}, {"status": "affected", "version": "10.0(1)SU1ES04"}, {"status": "affected", "version": "11.5(1)SU1ES03"}, {"status": "affected", "version": "11.6(1)ES02"}, {"status": "affected", "version": "11.5(1)ES01"}, {"status": "affected", "version": "9.0(2)SU3ES04"}, {"status": "affected", "version": "10.6(1)SU2"}, {"status": "affected", "version": "10.6(1)SU2ES04"}, {"status": "affected", "version": "11.6(1)ES01"}, {"status": "affected", "version": "10.6(1)SU3ES02"}, {"status": "affected", "version": "11.5(1)SU1ES02"}, {"status": "affected", "version": "11.5(1)SU1ES01"}, {"status": "affected", "version": "8.5(1)"}, {"status": "affected", "version": "11.0(1)SU1ES02"}, {"status": "affected", "version": "12.5(1)_SU03_ES03"}, {"status": "affected", "version": "12.5(1)_SU03_ES04"}, {"status": "affected", "version": "12.5(1)_SU03_ES05"}, {"status": "affected", "version": "12.5(1)_SU03_ES06"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd", "name": "cisco-sa-ccp-info-disc-ZyGerQpd"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.\r\n\r\nThis vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-04T16:17:27.318Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20129", "state": "PUBLISHED", "dateUpdated": "2025-06-04T18:20:18.190Z", "dateReserved": "2024-10-10T19:15:13.212Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-06-04T16:17:27.318Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:socialminer:10.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "3F8BC85C-F3C7-4FE6-97D5-30C2DA4858D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "8496A6AF-FF0B-4DCD-9524-4C89E74B44C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "0D8D8B8B-FD28-4A42-8364-72D896742533", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:11.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "152B13F1-4EB5-4DA0-A943-326F8F324432", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "9CBA712A-A9FC-4DA9-A06A-9A49A0355F34", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "D807EB1C-6970-4A6D-B50A-A16DC43C443E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "1382D72C-1447-4296-A520-BEF4EB48633C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "6D53D578-A6D5-4BD0-9CD2-C8E496D136B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "24871067-7ADC-473D-A148-A82BE2C158A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "CC5C6FC1-CD6B-48C0-803C-E77C4B182A1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "9898EB83-A3A1-45A8-9E88-09A5A27D6EC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es04:*:*:*:*:*:*:*", "matchCriteriaId": "A2AB2650-7D2B-4117-888D-CCB5E894E5C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "D32D6A4A-08E6-470E-B82C-D5E4E4B810FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "15F7499F-5F1E-47BA-8A84-33B55CA4E966", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "33B065FE-3FA0-4109-90F3-57EABB2DB6DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su2:*:*:*:*:*:*:*", "matchCriteriaId": "7EA97B42-BE0D-4D64-9791-C74DE3DB3EA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su3:*:*:*:*:*:*:*", "matchCriteriaId": "811913C6-4E1B-449F-9E95-F57D96436A59", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*", "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*", "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*", "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*", "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*", "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*", "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*", "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*", "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*", "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*", "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*", "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*", "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*", "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*", "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*", "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*", "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*", "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*", "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*", "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*", "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*", "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*", "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*", "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*", "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*", "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*", "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*", "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*", "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*", "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*", "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*", "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*", "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*", "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*", "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*", "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.\r\n\r\nThis vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de chat web de Cisco Customer Collaboration Platform (CCP), anteriormente Cisco SocialMiner, podr\u00eda permitir que un atacante remoto no autenticado persuada a los usuarios para que revelen informaci\u00f3n confidencial. Esta vulnerabilidad se debe a una depuraci\u00f3n inadecuada de las solicitudes HTTP enviadas a la interfaz de chat web. Un atacante podr\u00eda explotar esta vulnerabilidad enviando solicitudes HTTP manipuladas a la interfaz de chat de un usuario objetivo en un servidor vulnerable. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante redirigir el tr\u00e1fico de chat a un servidor bajo su control, lo que resultar\u00eda en la redirecci\u00f3n de informaci\u00f3n confidencial."}], "id": "CVE-2025-20129", "lastModified": "2025-08-01T15:08:03.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-04T17:15:25.407", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@cisco.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object