{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-20129","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2024-10-10T19:15:13.212Z","datePublished":"2025-06-04T16:17:27.318Z","dateUpdated":"2025-06-04T18:20:18.190Z"},"containers":{"cna":{"title":"Cisco Customer Collaboration Platform Information Disclosure Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}}],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.\r\n\r\nThis vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd","name":"cisco-sa-ccp-info-disc-ZyGerQpd"}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-ccp-info-disc-ZyGerQpd","discovery":"EXTERNAL","defects":["CSCwh43988"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Exposure of Sensitive Information to an Unauthorized Actor","type":"cwe","cweId":"CWE-200"}]}],"affected":[{"vendor":"Cisco","product":"Cisco SocialMiner","versions":[{"version":"12.5(1)ES01","status":"affected"},{"version":"10.5(1)","status":"affected"},{"version":"11.6(1)","status":"affected"},{"version":"10.6(1)","status":"affected"},{"version":"12.0(1)ES04","status":"affected"},{"version":"10.6(2)","status":"affected"},{"version":"12.5(1)","status":"affected"},{"version":"11.6(2)","status":"affected"},{"version":"12.0(1)","status":"affected"},{"version":"12.0(1)ES02","status":"affected"},{"version":"11.0(1)","status":"affected"},{"version":"11.5(1)","status":"affected"},{"version":"11.5(1)SU1","status":"affected"},{"version":"12.0(1)ES03","status":"affected"},{"version":"12.5(1)SU3","status":"affected"},{"version":"12.5(1)SU1","status":"affected"},{"version":"12.5(1)SU2","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Cisco","product":"Cisco Unified Contact Center Express","versions":[{"version":"10.6(1)","status":"affected"},{"version":"10.5(1)SU1","status":"affected"},{"version":"10.6(1)SU3","status":"affected"},{"version":"12.0(1)","status":"affected"},{"version":"10.0(1)SU1","status":"affected"},{"version":"10.6(1)SU1","status":"affected"},{"version":"11.0(1)SU1","status":"affected"},{"version":"11.5(1)SU1","status":"affected"},{"version":"10.5(1)","status":"affected"},{"version":"11.6(1)","status":"affected"},{"version":"11.6(2)","status":"affected"},{"version":"12.5(1)","status":"affected"},{"version":"12.5(1)SU1","status":"affected"},{"version":"12.5(1)SU2","status":"affected"},{"version":"12.5(1)SU3","status":"affected"},{"version":"12.5(1)_SU03_ES01","status":"affected"},{"version":"12.5(1)_SU03_ES02","status":"affected"},{"version":"12.5(1)_SU02_ES03","status":"affected"},{"version":"12.5(1)_SU02_ES04","status":"affected"},{"version":"12.5(1)_SU02_ES02","status":"affected"},{"version":"12.5(1)_SU01_ES02","status":"affected"},{"version":"12.5(1)_SU01_ES03","status":"affected"},{"version":"12.5(1)_SU02_ES01","status":"affected"},{"version":"11.6(2)ES07","status":"affected"},{"version":"11.6(2)ES08","status":"affected"},{"version":"12.5(1)_SU01_ES01","status":"affected"},{"version":"12.0(1)ES04","status":"affected"},{"version":"12.5(1)ES02","status":"affected"},{"version":"12.5(1)ES03","status":"affected"},{"version":"11.6(2)ES06","status":"affected"},{"version":"12.5(1)ES01","status":"affected"},{"version":"12.0(1)ES03","status":"affected"},{"version":"12.0(1)ES01","status":"affected"},{"version":"11.6(2)ES05","status":"affected"},{"version":"12.0(1)ES02","status":"affected"},{"version":"11.6(2)ES04","status":"affected"},{"version":"11.6(2)ES03","status":"affected"},{"version":"11.6(2)ES02","status":"affected"},{"version":"11.6(2)ES01","status":"affected"},{"version":"10.6(1)SU3ES03","status":"affected"},{"version":"11.0(1)SU1ES03","status":"affected"},{"version":"10.6(1)SU3ES01","status":"affected"},{"version":"10.5(1)SU1ES10","status":"affected"},{"version":"10.0(1)SU1ES04","status":"affected"},{"version":"11.5(1)SU1ES03","status":"affected"},{"version":"11.6(1)ES02","status":"affected"},{"version":"11.5(1)ES01","status":"affected"},{"version":"9.0(2)SU3ES04","status":"affected"},{"version":"10.6(1)SU2","status":"affected"},{"version":"10.6(1)SU2ES04","status":"affected"},{"version":"11.6(1)ES01","status":"affected"},{"version":"10.6(1)SU3ES02","status":"affected"},{"version":"11.5(1)SU1ES02","status":"affected"},{"version":"11.5(1)SU1ES01","status":"affected"},{"version":"8.5(1)","status":"affected"},{"version":"11.0(1)SU1ES02","status":"affected"},{"version":"12.5(1)_SU03_ES03","status":"affected"},{"version":"12.5(1)_SU03_ES04","status":"affected"},{"version":"12.5(1)_SU03_ES05","status":"affected"},{"version":"12.5(1)_SU03_ES06","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2025-06-04T16:17:27.318Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-04T18:13:19.983909Z","id":"CVE-2025-20129","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-04T18:20:18.190Z"}}]}}