Description
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.
Reserved 2024-10-10 | Published 2025-05-21 | Updated 2025-05-22 | Assigner cisco
MEDIUM: 5.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
Problem types
Privilege Chaining
Product status
Default status
unknown
12.5(1a)
affected
12.5(1)SU1
affected
12.5(1)
affected
12.5(1)SU2
affected
12.5(1)SU3
affected
12.5(1)SU4
affected
14
affected
12.5(1)SU5
affected
14SU1
affected
12.5(1)SU6
affected
14SU2
affected
12.5(1)SU7
affected
14SU3
affected
12.5(1)SU8
affected
12.5(1)SU8a
affected
12.5(1)SU8b
affected
14SU3a
affected
15
affected
15SU1
affected
15SU1a
affected
14SU4
affected
12.5(1)SU9
affected
Default status
unknown
11.0(1)ES_Rollback
affected
10.5(1)ES4
affected
11.6(1)ES3
affected
11.0(1)ES2
affected
12.0(1)ES2
affected
10.5(1)ES3
affected
11.0(1)
affected
11.6(1)FIPS
affected
11.6(1)ES4
affected
11.0(1)ES3
affected
10.5(1)ES6
affected
11.0(1)ES7
affected
11.5(1)ES4
affected
10.5(1)ES8
affected
11.5(1)
affected
11.6(1)
affected
10.5(1)ES10
affected
11.6(1)ES2
affected
11.6(1)ES
affected
11.0(1)ES6
affected
11.0(1)ES4
affected
12.0(1)
affected
11.6(1)ES7
affected
10.5(1)ES7
affected
11.6(1)ES8
affected
11.5(1)ES1
affected
11.6(1)ES1
affected
11.5(1)ES5
affected
11.0(1)ES1
affected
10.5(1)
affected
11.6(1)ES6
affected
10.5(1)ES2
affected
12.0(1)ES1
affected
11.0(1)ES5
affected
10.5(1)ES5
affected
11.5(1)ES3
affected
11.5(1)ES2
affected
10.5(1)ES9
affected
11.6(1)ES5
affected
11.6(1)ES9
affected
11.5(1)ES6
affected
10.5(1)ES1
affected
12.5(1)
affected
12.0(1)ES3
affected
11.6(1)ES10
affected
12.5(1)ES1
affected
12.5(1)ES2
affected
12.0(1)ES4
affected
12.5(1)ES3
affected
12.0(1)ES5
affected
12.5(1)ES4
affected
12.0(1)ES6
affected
12.5(1)ES5
affected
12.5(1)ES6
affected
12.0(1)ES7
affected
12.6(1)
affected
12.5(1)ES7
affected
11.6(1)ES11
affected
12.6(1)ES1
affected
12.0(1)ES8
affected
12.5(1)ES8
affected
12.6(1)ES2
affected
12.6(1)ES3
affected
12.6(1)ES4
affected
12.6(1)ES5
affected
12.5(2)
affected
12.5(1)_SU
affected
12.5(1)SU
affected
12.6(1)ES6
affected
12.5(1)SU ES1
affected
12.6(1)ES7
affected
12.6(1)ES7_ET
affected
12.6(2)
affected
12.6(1)ES8
affected
12.6(1)ES9
affected
12.6(2)ES1
affected
12.6(1)ES10
affected
12.5(1)SU ES2
affected
12.6(1)ES11
affected
12.6(2)ES2
affected
12.6(2)ES3
affected
12.5(1)SU ES3
affected
12.6(2)ES4
affected
12.6(2)ES6
affected
Default status
unknown
11.5(1)
affected
11.0(1a)
affected
11.5(1)SU1
affected
10.5(3)
affected
12.6(1)
affected
11.0(1)
affected
11.6(2)
affected
12.1(1)
affected
12.0(1a)
affected
11.5(3)
affected
10.5(1)
affected
12.5(1)
affected
11.5(2)
affected
11.6(1)
affected
10.5(2)
affected
10.5(3)SU1
affected
14
affected
14SU1
affected
14SU2
affected
14SU3
affected
15
affected
15SU1
affected
14SU4
affected
Default status
unknown
12.5(1)ES01
affected
10.5(1)
affected
11.6(1)
affected
10.6(1)
affected
12.0(1)ES04
affected
10.6(2)
affected
12.5(1)
affected
11.6(2)
affected
12.0(1)
affected
12.0(1)ES02
affected
11.0(1)
affected
11.5(1)
affected
11.5(1)SU1
affected
12.0(1)ES03
affected
12.5(1)SU3
affected
12.5(1)SU1
affected
12.5(1)SU2
affected
Default status
unknown
12.5(1)SU2
affected
12.5(1)SU1
affected
12.5(1)
affected
12.5(1)SU3
affected
12.5(1)SU4
affected
14
affected
12.5(1)SU5
affected
14SU1
affected
12.5(1)SU6
affected
14SU2
affected
12.5(1)SU7
affected
12.5(1)SU7a
affected
14SU3
affected
12.5(1)SU8
affected
12.5(1)SU8a
affected
15
affected
15SU1
affected
14SU4
affected
14SU4a
affected
15SU1a
affected
12.5(1)SU9
affected
Default status
unknown
12.5(1)
affected
12.5(1)SU1
affected
12.5(1)SU2
affected
12.5(1)SU3
affected
12.5(1)SU4
affected
14
affected
12.5(1)SU5
affected
14SU1
affected
12.5(1)SU6
affected
14SU2
affected
14SU2a
affected
12.5(1)SU7
affected
14SU3
affected
12.5(1)SU8
affected
15
affected
15SU1
affected
14SU4
affected
12.5(1)SU9
affected
Default status
unknown
10.5(1)SU1
affected
10.6(1)
affected
11.6(1)
affected
10.6(1)SU1
affected
10.6(1)SU3
affected
11.6(2)
affected
12.0(1)
affected
10.0(1)SU1
affected
11.0(1)SU1
affected
11.5(1)SU1
affected
10.5(1)
affected
12.5(1)
affected
12.5(1)SU1
affected
12.5(1)SU2
affected
12.5(1)SU3
affected
12.5(1)_SU03_ES01
affected
12.5(1)_SU03_ES02
affected
12.5(1)_SU02_ES03
affected
12.5(1)_SU02_ES04
affected
12.5(1)_SU02_ES02
affected
12.5(1)_SU01_ES02
affected
12.5(1)_SU01_ES03
affected
12.5(1)_SU02_ES01
affected
11.6(2)ES07
affected
11.6(2)ES08
affected
12.5(1)_SU01_ES01
affected
12.0(1)ES04
affected
12.5(1)ES02
affected
12.5(1)ES03
affected
11.6(2)ES06
affected
12.5(1)ES01
affected
12.0(1)ES03
affected
12.0(1)ES01
affected
11.6(2)ES05
affected
12.0(1)ES02
affected
11.6(2)ES04
affected
11.6(2)ES03
affected
11.6(2)ES02
affected
11.6(2)ES01
affected
10.6(1)SU3ES03
affected
11.0(1)SU1ES03
affected
10.6(1)SU3ES01
affected
10.5(1)SU1ES10
affected
10.0(1)SU1ES04
affected
11.5(1)SU1ES03
affected
11.6(1)ES02
affected
11.5(1)ES01
affected
9.0(2)SU3ES04
affected
10.6(1)SU2
affected
10.6(1)SU2ES04
affected
11.6(1)ES01
affected
10.6(1)SU3ES02
affected
11.5(1)SU1ES02
affected
11.5(1)SU1ES01
affected
8.5(1)SU4ES09
affected
8.5(1)
affected
11.0(1)SU1ES02
affected
12.5(1)_SU03_ES03
affected
12.5(1)_SU03_ES04
affected
12.5(1)_SU03_ES05
affected
12.5(1)_SU03_ES06
affected
Default status
unknown
11.6(1)
affected
10.5(1)
affected
11.0(1)
affected
11.5(1)
affected
12.0(1)
affected
12.5(1)
affected
11.0(2)
affected
12.6(1)
affected
12.5(1)SU
affected
12.6(1)_ET
affected
12.6(1)_ES05_ET
affected
11.0(3)
affected
12.6(2)
affected
12.6(2)_504_Issue_ET
affected
12.6.1_ExcelIssue_ET
affected
12.6(2)_Permalink_ET
affected
12.6.2_CSCwk19536_ET
affected
12.6.2_CSCwm96922_ET
affected
12.6.2_Amq_OOS_ET
affected
12.5(2)ET_CSCwi79933
affected
12.6(2)_ET
affected
12.6.2_CSCwn48501_ET
affected
Default status
unknown
12.5(1)
affected
12.5(1)SU1
affected
12.5(1)SU2
affected
12.5(1)SU3
affected
12.5(1)SU4
affected
14
affected
12.5(1)SU5
affected
14SU1
affected
12.5(1)SU6
affected
14SU2
affected
12.5(1)SU7
affected
14SU3
affected
12.5(1)SU8
affected
14SU3a
affected
12.5(1)SU8a
affected
15
affected
15SU1
affected
14SU4
affected
12.5(1)SU9
affected
Default status
unknown
11.0(1)
affected
11.6(1)_ES84
affected
11.5(1)_ES54
affected
11.5(1)_ES27
affected
11.5(1)
affected
11.5(1)ES36
affected
12.0(1)_ES01
affected
11.6(1)_ES85
affected
12.5(1)_ES05
affected
11.5(1)_ES32
affected
11.6(1)_ES83
affected
11.5(1)_ES29
affected
12.0(1)_ES06
affected
12.5(1)
affected
12.0(1)_ES07
affected
11.6(1)_ES80
affected
12.0(1)_ES05
affected
11.5(1)_ES36
affected
11.5(1)_ES53
affected
12.5(1)_ES08
affected
11.5(1)ES43
affected
12.0(1)_ES03
affected
11.6(1)_ES86
affected
12.0(1)_ES04
affected
11.5(1)ES27
affected
12.5(1)_ES03
affected
11.6(1)_ES88
affected
12.5(1)_ES06
affected
11.6(1)_ES82
affected
11.6(1)
affected
11.5(1)ES29
affected
12.5(1)_ES04
affected
12.5(1)_ES07
affected
11.6(1)_ES87
affected
11.6(1)_ES81
affected
12.0(1)
affected
11.6(1)_ES22
affected
11.5(1)_ES43
affected
11.5(1)ES32
affected
12.0(1)_ES02
affected
12.5(1)_ES02
affected
12.6(1)
affected
12.5(1)_ES09
affected
12.6(1)_ES01
affected
12.0(1)_ES08
affected
12.5(1)_ES10
affected
12.6(1)_ES02
affected
12.5(1)_ES11
affected
12.5(1)_ES12
affected
12.6(1)_ES03
affected
12.5(1)_ES13
affected
12.5(1)_ES14
affected
12.6(1)_ES04
affected
12.6(1)_ES05
affected
12.5(1)_ES15
affected
12.6(1)_ES06
affected
12.6(1)_ET
affected
12.5(1)_ES16
affected
12.5(1)SU
affected
12.5(1)_SU
affected
12.5(1)_SU_ES01
affected
12.6(1)_ES07
affected
12.6(2)
affected
12.5(1)_ES17
affected
12.6(1)_ES08
affected
12.6(1)_ES09
affected
12.6(1)_ES10
affected
12.5(1)_SU_ES02
affected
12.6(2)_ES01
affected
12.6(2)_ET01
affected
12.5(2)_ET
affected
12.6(2)_ES02
affected
12.6(2)_ET_Streaming
affected
12.6(2)ET_Transcribe
affected
12.6(2)_ES03
affected
12.6(2)ET_NuanceMix
affected
12.6(2)ET_FileUpload
affected
12.6(2)_ET02
affected
12.6(2)_ES04
affected
12.6.2ET_RTPfallback
affected
12.6.2ET_CSCwf55306
affected
12.6.2_ET_CSCwj36712
affected
12.5.2 ET-CSCwj33374
affected
12.5(1) SU ET
affected
12.6(2)ET_CSCwj87296
affected
12.6(2)_ES05
affected
12.5.2_ET_CSCvz27014
affected
12.6(2)_ET
affected
12.6.2-ET
affected
12.6(2)ET_CSCwk83135
affected
12.6.2_ET_CX_ALAW
affected
12.6.2-ET01-SSL
affected
12.6(2)_ES06
affected
References
sec.cloudapps.cisco.com/...tyAdvisory/cisco-sa-cucm-kkhZbHR5 (cisco-sa-cucm-kkhZbHR5)
cve.org (CVE-2025-20112)
nvd.nist.gov (CVE-2025-20112)