CVE-2025-20129: Cisco Customer Collaboration Platform Information Disclosure Vulnerability

4.3 CVSS

Description

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.

This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

Classification

CVE ID: CVE-2025-20129

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem Types

Exposure of Sensitive Information to an Unauthorized Actor

Affected Products

Vendor: Cisco

Product: Cisco SocialMiner, Cisco Unified Contact Center Express

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 20.64% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-20129
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd

Timeline

2025-06-04 16:00:41 UTC
Cisco Security Advisory

Cisco Customer Collaboration Platform Information Disclosure Vulnerability
2025-06-04 17:40:15 UTC
CVE

Cisco Customer Collaboration Platform Information Disclosure Vulnerability