
Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.

PUBLISHED Reserved 2024-10-10 | Published 2025-09-03 | Updated 2025-09-03 | Assigner cisco




MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem types

Cross-Site Request Forgery (CSRF)

Product status

Default status
unknown

12.5(1)SU2
affected

12.5(1)SU1
affected

12.5(1)
affected

12.5(1)SU3
affected

12.5(1)SU4
affected

14
affected

12.5(1)SU5
affected

14SU1
affected

12.5(1)SU6
affected

14SU2
affected

12.5(1)SU7
affected

12.5(1)SU7a
affected

14SU3
affected

12.5(1)SU8
affected

12.5(1)SU8a
affected

15
affected

15SU1
affected

14SU4
affected

14SU4a
affected

15SU1a
affected

12.5(1)SU9
affected

15SU2
affected

References

sec.cloudapps.cisco.com/...isory/cisco-sa-cucm-csrf-w762pRYd (cisco-sa-cucm-csrf-w762pRYd)

cve.org (CVE-2025-20326)

nvd.nist.gov (CVE-2025-20326)
