Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities
TL;DR 📌
Multiple privilege escalation vulnerabilities have been identified in Cisco Unified Intelligence Center, allowing authenticated remote attackers to elevate their privileges. Cisco has released software updates to address these vulnerabilities, and there are no workarounds available.
What happened 🕵️♂️
Cisco has disclosed vulnerabilities in the Cisco Unified Intelligence Center that could allow authenticated remote attackers to perform privilege escalation attacks. These vulnerabilities arise from insufficient validation of user-supplied parameters in API or HTTP requests, potentially enabling attackers to access or modify data beyond their intended access level.
Affected products 🖥️
The following products are affected by these vulnerabilities:
- Cisco Unified Intelligence Center
- Cisco Unified Contact Center Express (includes Cisco Unified Intelligence Center as part of its software bundle)
- Packaged Contact Center Enterprise
- Unified Contact Center Enterprise
Only products listed above are confirmed to be vulnerable; Cisco Finesse is not affected.
Fixed software 🔧
Upgrade to at least the first fixed release in your train (or later):
| Product / Release Train | First Fixed Release | Notes |
|---|---|---|
| ISE / ISE-PIC 12.5 | 12.5(1)SU ES04 | |
| ISE / ISE-PIC 12.6 | 12.6(2)ES04 | |
| ISE / ISE-PIC 15 | Not vulnerable. | |
| ISE / ISE-PIC 1.0 | Initial public release. |
Workarounds 🧯
There are no workarounds available to mitigate these vulnerabilities.
Risk in context 🎯
The highest CVSS score for these vulnerabilities is 7.1, categorized as HIGH severity. This indicates a significant risk for systems running affected versions of Cisco Unified Intelligence Center, particularly in environments where sensitive data is handled.
Fast facts ⚡
- Advisory ID: cisco-sa-cuis-priv-esc-3Pk96SU4
- CVSS Score: 7.1 (HIGH)
- Vulnerabilities:
- CVE-2025-20113: Privilege Escalation Vulnerability
- CVE-2025-20114: Horizontal Privilege Escalation Vulnerability
- No workarounds available.
For leadership 🧭
It is crucial for organizations using Cisco Unified Intelligence Center to prioritize the application of the released software updates to mitigate the risk of privilege escalation attacks. Ensure that your IT teams are aware of the vulnerabilities and have a plan in place for upgrading affected systems. Regularly consult Cisco’s security advisories for ongoing updates and best practices in maintaining a secure network environment.