CVE-2025-20129

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.

This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
ciscoCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
ciscosocialminer
10.5\(1\)
ciscosocialminer
10.6\(1\)
ciscosocialminer
10.6\(2\)
ciscosocialminer
11.0\(1\)
ciscosocialminer
11.5\(1\)
ciscosocialminer
11.5\(1\)su1
ciscosocialminer
11.6\(1\)
ciscosocialminer
11.6\(2\)
ciscosocialminer
12.0\(1\)
ciscosocialminer
12.0\(1\)es02
ciscosocialminer
12.0\(1\)es03
ciscosocialminer
12.0\(1\)es04
ciscosocialminer
12.5\(1\)
ciscosocialminer
12.5\(1\)es01
ciscosocialminer
12.5\(1\)su1
ciscosocialminer
12.5\(1\)su2
ciscosocialminer
12.5\(1\)su3
ciscounified_contact_center_express
8.5\(1\)
ciscounified_contact_center_express
9.0\(2\)su3es04
ciscounified_contact_center_express
10.0\(1\)su1
ciscounified_contact_center_express
10.0\(1\)su1es04
ciscounified_contact_center_express
10.5\(1\)
ciscounified_contact_center_express
10.5\(1\)su1
ciscounified_contact_center_express
10.5\(1\)su1es10
ciscounified_contact_center_express
10.6\(1\)
ciscounified_contact_center_express
10.6\(1\)su1
ciscounified_contact_center_express
10.6\(1\)su2
ciscounified_contact_center_express
10.6\(1\)su2es04
ciscounified_contact_center_express
10.6\(1\)su3
ciscounified_contact_center_express
10.6\(1\)su3es01
ciscounified_contact_center_express
10.6\(1\)su3es02
ciscounified_contact_center_express
10.6\(1\)su3es03
ciscounified_contact_center_express
11.0\(1\)su1
ciscounified_contact_center_express
11.0\(1\)su1es02
ciscounified_contact_center_express
11.0\(1\)su1es03
ciscounified_contact_center_express
11.5\(1\)es01
ciscounified_contact_center_express
11.5\(1\)su1
ciscounified_contact_center_express
11.5\(1\)su1es01
ciscounified_contact_center_express
11.5\(1\)su1es02
ciscounified_contact_center_express
11.5\(1\)su1es03
ciscounified_contact_center_express
11.6\(1\)
ciscounified_contact_center_express
11.6\(1\)es01
ciscounified_contact_center_express
11.6\(1\)es02
ciscounified_contact_center_express
11.6\(2\)
ciscounified_contact_center_express
11.6\(2\)es01
ciscounified_contact_center_express
11.6\(2\)es02
ciscounified_contact_center_express
11.6\(2\)es03
ciscounified_contact_center_express
11.6\(2\)es04
ciscounified_contact_center_express
11.6\(2\)es05
ciscounified_contact_center_express
11.6\(2\)es06
ciscounified_contact_center_express
11.6\(2\)es07
ciscounified_contact_center_express
11.6\(2\)es08
ciscounified_contact_center_express
12.0\(1\)
ciscounified_contact_center_express
12.0\(1\)es01
ciscounified_contact_center_express
12.0\(1\)es02
ciscounified_contact_center_express
12.0\(1\)es03
ciscounified_contact_center_express
12.0\(1\)es04
ciscounified_contact_center_express
12.5\(1\)
ciscounified_contact_center_express
12.5\(1\)_su01_es01
ciscounified_contact_center_express
12.5\(1\)_su01_es02
ciscounified_contact_center_express
12.5\(1\)_su01_es03
ciscounified_contact_center_express
12.5\(1\)_su02_es01
ciscounified_contact_center_express
12.5\(1\)_su02_es02
ciscounified_contact_center_express
12.5\(1\)_su02_es03
ciscounified_contact_center_express
12.5\(1\)_su02_es04
ciscounified_contact_center_express
12.5\(1\)_su03_es01
ciscounified_contact_center_express
12.5\(1\)_su03_es02
ciscounified_contact_center_express
12.5\(1\)_su03_es03
ciscounified_contact_center_express
12.5\(1\)_su03_es04
ciscounified_contact_center_express
12.5\(1\)_su03_es05
ciscounified_contact_center_express
12.5\(1\)_su03_es06
ciscounified_contact_center_express
12.5\(1\)es01
ciscounified_contact_center_express
12.5\(1\)es02
ciscounified_contact_center_express
12.5\(1\)es03
ciscounified_contact_center_express
12.5\(1\)su1
ciscounified_contact_center_express
12.5\(1\)su2
ciscounified_contact_center_express
12.5\(1\)su3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd