CVE-2025-20278

04.06.2025, 17:15

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.

This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
cisco	CNA	6 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Vendor	Product	Version
cisco	finesse	10.5\(1\)
cisco	finesse	10.5\(1\)_es1
cisco	finesse	10.5\(1\)_es2
cisco	finesse	10.5\(1\)_es3
cisco	finesse	10.5\(1\)_es4
cisco	finesse	10.5\(1\)_es5
cisco	finesse	10.5\(1\)_es6
cisco	finesse	10.5\(1\)_es7
cisco	finesse	10.5\(1\)_es8
cisco	finesse	10.5\(1\)_es9
cisco	finesse	10.5\(1\)_es10
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\):es1
cisco	finesse	11.0\(1\):es2
cisco	finesse	11.0\(1\):es3
cisco	finesse	11.0\(1\):es4
cisco	finesse	11.0\(1\):es5
cisco	finesse	11.0\(1\):es6
cisco	finesse	11.0\(1\):es7
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\):es1
cisco	finesse	11.5\(1\):es2
cisco	finesse	11.5\(1\):es3
cisco	finesse	11.5\(1\):es4
cisco	finesse	11.5\(1\):es5
cisco	finesse	11.5\(1\):es6
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\):es1
cisco	finesse	11.6\(1\):es10
cisco	finesse	11.6\(1\):es11
cisco	finesse	11.6\(1\):es2
cisco	finesse	11.6\(1\):es3
cisco	finesse	11.6\(1\):es4
cisco	finesse	11.6\(1\):es5
cisco	finesse	11.6\(1\):es6
cisco	finesse	11.6\(1\):es7
cisco	finesse	11.6\(1\):es8
cisco	finesse	11.6\(1\):es9
cisco	finesse	11.6\(1\)_fips
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\):es1
cisco	finesse	12.0\(1\):es2
cisco	finesse	12.0\(1\):es3
cisco	finesse	12.0\(1\):es4
cisco	finesse	12.0\(1\):es5
cisco	finesse	12.0\(1\):es6
cisco	finesse	12.0\(1\):es7
cisco	finesse	12.0\(1\):es8
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\):es1
cisco	finesse	12.5\(1\):es2
cisco	finesse	12.5\(1\):es3
cisco	finesse	12.5\(1\):es4
cisco	finesse	12.5\(1\):es5
cisco	finesse	12.5\(1\):es6
cisco	finesse	12.5\(1\):es7
cisco	finesse	12.5\(1\):es8
cisco	finesse	12.5\(1\):su
cisco	finesse	12.5\(1\):su_es1
cisco	finesse	12.5\(1\):su_es2
cisco	finesse	12.5\(1\):su_es3
cisco	finesse	12.5\(2\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\):es01
cisco	finesse	12.6\(1\):es02
cisco	finesse	12.6\(1\):es03
cisco	finesse	12.6\(1\):es04
cisco	finesse	12.6\(1\):es05
cisco	finesse	12.6\(1\):es06
cisco	finesse	12.6\(1\):es07
cisco	finesse	12.6\(1\):es07_et
cisco	finesse	12.6\(1\):es08
cisco	finesse	12.6\(1\):es09
cisco	finesse	12.6\(1\):es10
cisco	finesse	12.6\(1\):es11
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\):es01
cisco	finesse	12.6\(2\):es02
cisco	finesse	12.6\(2\):es03
cisco	finesse	12.6\(2\):es04
cisco	finesse	12.6\(2\):es05
cisco	socialminer	10.5\(1\)
cisco	socialminer	10.6\(1\)
cisco	socialminer	10.6\(2\)
cisco	socialminer	11.0\(1\)
cisco	socialminer	11.5\(1\)
cisco	socialminer	11.5\(1\)su1
cisco	socialminer	11.6\(1\)
cisco	socialminer	11.6\(2\)
cisco	socialminer	12.0\(1\)
cisco	socialminer	12.0\(1\)es02
cisco	socialminer	12.0\(1\)es03
cisco	socialminer	12.0\(1\)es04
cisco	socialminer	12.5\(1\)
cisco	socialminer	12.5\(1\)es01
cisco	socialminer	12.5\(1\)su1
cisco	socialminer	12.5\(1\)su2
cisco	socialminer	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)
cisco	unified_communications_manager	12.5\(1\)su1
cisco	unified_communications_manager	12.5\(1\)su2
cisco	unified_communications_manager	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)su4
cisco	unified_communications_manager	12.5\(1\)su5
cisco	unified_communications_manager	12.5\(1\)su6
cisco	unified_communications_manager	12.5\(1\)su7
cisco	unified_communications_manager	12.5\(1\)su7a
cisco	unified_communications_manager	12.5\(1\)su8
cisco	unified_communications_manager	12.5\(1\)su8a
cisco	unified_communications_manager	12.5\(1\)su9
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su1
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su2
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su3
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su4
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su5
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su6
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su7
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su8
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su9
cisco	unified_contact_center_express	8.5\(1\)
cisco	unified_contact_center_express	9.0\(2\)su3es04
cisco	unified_contact_center_express	10.0\(1\)su1
cisco	unified_contact_center_express	10.0\(1\)su1es04
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3
cisco	unified_intelligence_center	𝑥 < 12.6\(2\)es_04
cisco	unity_connection	12.5\(1\)
cisco	unity_connection	12.5\(1\)su1
cisco	unity_connection	12.5\(1\)su2
cisco	unity_connection	12.5\(1\)su3
cisco	unity_connection	12.5\(1\)su4
cisco	unity_connection	12.5\(1\)su5
cisco	unity_connection	12.5\(1\)su6
cisco	unity_connection	12.5\(1\)su7
cisco	unity_connection	12.5\(1\)su8
cisco	unity_connection	12.5\(1\)su8a
cisco	unity_connection	12.5\(1\)su9
cisco	virtualized_voice_browser	𝑥 < 12.6\(2\)es06

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy