Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation
Cisco has disclosed two security vulnerabilities in its Unified Intelligence Center that could allow authenticated remote attackers to escalate privileges.
The more severe flaw, tracked as CVE-2025-20113, received a CVSS score of 7.1 (High), while the secondary vulnerability, CVE-2025-20114, was rated at 4.3 (Medium).
These vulnerabilities affect all configurations of Cisco Unified Intelligence Center, including implementations within Packaged Contact Center Enterprise, Unified Contact Center Enterprise, and Unified Contact Center Express solutions.
Cisco has released patches and urges customers to update affected systems immediately.
The primary vulnerability (CVE-2025-20113) enables authenticated remote attackers to elevate their privileges to Administrator level for a limited set of functions.
This privilege escalation vulnerability could allow attackers to access, modify, or delete data beyond their intended access level, potentially exposing sensitive information stored in the system.
The bug has been internally tracked by Cisco under IDs CSCwk34893 and CSCwk63233.
The secondary vulnerability (CVE-2025-20114) allows authenticated remote attackers to perform horizontal privilege escalation attacks.
If exploited, attackers could access specific data associated with different users on the affected system by executing an insecure direct object reference attack.
Cisco has assigned internal bug IDs CSCwk34894 and CSCwk63223 to this issue.
Cisco PSIRT has confirmed these vulnerabilities affect all versions of Cisco Unified Intelligence Center prior to the patched releases.
However, Cisco Finesse has been confirmed not vulnerable to these security flaws.
Technical Root Causes
From a technical perspective, CVE-2025-20113 stems from insufficient server-side validation of user-supplied parameters in API or HTTP requests.
Attackers can exploit this vulnerability by crafting malicious API or HTTP requests that bypass authorization checks, thereby gaining administrative privileges for specific functions.
The second vulnerability, CVE-2025-20114, results from inadequate validation of user-supplied parameters specifically in API requests.
Attackers can submit specially crafted API requests to exploit insecure direct object references, allowing them to access data belonging to other users on the system.
Both vulnerabilities require the attacker to have valid authentication credentials, limiting the attack surface to authenticated users.
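To make the two root causes concrete, the following added example (not Cisco's code and not taken from the advisory) contrasts handlers that trust request parameters with handlers that authorize against server-side session state. The advisory does not publish the affected endpoints or parameters, so every name here (Session, report_id, role, the report store) is a hypothetical stand-in.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the server-side authorization check fails."""

@dataclass(frozen=True)
class Session:
    user_id: int   # set by the server at login, never read from the request
    role: str      # "user" or "admin", also server-side state

def new_store():
    # Constructed sample data: report id -> record with its owner.
    return {101: {"owner_id": 1, "title": "alice-q1"},
            102: {"owner_id": 2, "title": "bob-q1"}}

# --- Flawed handlers: decisions driven by request parameters ---------------
def get_report_flawed(store, session, params):
    # IDOR: any authenticated caller can read any id it supplies.
    return store[int(params["report_id"])]

def purge_reports_flawed(store, session, params):
    # Vertical escalation: the role is taken from the request itself.
    if params.get("role") != "admin":
        raise Forbidden("admin only")
    store.clear()

# --- Hardened handlers: decisions driven by server-side session state ------
def get_report(store, session, params):
    try:
        report = store.get(int(params.get("report_id", "")))
    except (TypeError, ValueError):
        report = None
    # Same error for "missing" and "not yours" so ids cannot be enumerated.
    if report is None or (report["owner_id"] != session.user_id
                          and session.role != "admin"):
        raise Forbidden("report not available")
    return report

def purge_reports(store, session, params):
    if session.role != "admin":          # params["role"] is ignored
        raise Forbidden("admin only")
    store.clear()
```

The hardened handlers never consult a client-supplied role and check object ownership on every lookup, which is the class of server-side validation both CVEs are described as lacking.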
Cisco has released software updates that address both vulnerabilities, with fixed versions varying by product line.
For Cisco Unified Intelligence Center 12.5, customers should upgrade to version 12.5(1)SU ES04 or later.
Users of version 12.6 should update to 12.6(2)ES04 or later. Version 15 is not affected by these vulnerabilities.
For Unified CCX customers, those running version 12.5(1)SU3 or earlier need to migrate to a fixed release, while version 15 is not vulnerable.
Cisco notes there are no workarounds available for these vulnerabilities, making patching the only effective mitigation strategy.
Customers with service contracts can obtain the security fixes through their usual update channels.
Those without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance.
The vulnerabilities were responsibly disclosed by security researcher Noha Kany of Spark Engineering Consultants, with no evidence of public exploitation prior to the advisory’s release.