CVE-2025-20242

CVE Database · CVE-2025-20242

CVE-2025-20242

· MEDIUMAnalyzed

CVSS v3.1

6.5

EPSS

2.25%

Published

May 21, 2025

Modified

Jul 11, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Weaknesses (CWE)

CWE-284

Affected Products (1)

cisco · unified_contact_center_enterprisevulnerable

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs