Priv Escalation in Cisco Unified Comm via Local Auth on ESXi
CVE-2025-20112 Published on May 21, 2025

Cisco Unified Communications Products Privilege Escalation Vulnerability
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.

NVD

Vulnerability Analysis

CVE-2025-20112 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Privilege Chaining

Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.

Products Associated with CVE-2025-20112

Want to know whenever a new CVE is published for Cisco products? stack.watch will email you.

Cisco Emergency Responder

Cisco Finesse

Cisco Prime Collaboration Deployment

Cisco Socialminer

Cisco Unified Communications Manager

Cisco Unified Communications Manager Im Presence Service

Cisco Unified Contact Center Express

Cisco Unified Intelligence Center

Cisco Unity Connection

Cisco Virtualized Voice Browser

Affected Versions

Cisco Emergency Responder:

Version 12.5(1a) is affected.
Version 12.5(1)SU1 is affected.
Version 12.5(1) is affected.
Version 12.5(1)SU2 is affected.
Version 12.5(1)SU3 is affected.
Version 12.5(1)SU4 is affected.
Version 14 is affected.
Version 12.5(1)SU5 is affected.
Version 14SU1 is affected.
Version 12.5(1)SU6 is affected.
Version 14SU2 is affected.
Version 12.5(1)SU7 is affected.
Version 14SU3 is affected.
Version 12.5(1)SU8 is affected.
Version 12.5(1)SU8a is affected.
Version 12.5(1)SU8b is affected.
Version 14SU3a is affected.
Version 15 is affected.
Version 15SU1 is affected.
Version 15SU1a is affected.
Version 14SU4 is affected.
Version 12.5(1)SU9 is affected.

Cisco Finesse:

Version 11.0(1)ES_Rollback is affected.
Version 10.5(1)ES4 is affected.
Version 11.6(1)ES3 is affected.
Version 11.0(1)ES2 is affected.
Version 12.0(1)ES2 is affected.
Version 10.5(1)ES3 is affected.
Version 11.0(1) is affected.
Version 11.6(1)FIPS is affected.
Version 11.6(1)ES4 is affected.
Version 11.0(1)ES3 is affected.
Version 10.5(1)ES6 is affected.
Version 11.0(1)ES7 is affected.
Version 11.5(1)ES4 is affected.
Version 10.5(1)ES8 is affected.
Version 11.5(1) is affected.
Version 11.6(1) is affected.
Version 10.5(1)ES10 is affected.
Version 11.6(1)ES2 is affected.
Version 11.6(1)ES is affected.
Version 11.0(1)ES6 is affected.
Version 11.0(1)ES4 is affected.
Version 12.0(1) is affected.
Version 11.6(1)ES7 is affected.
Version 10.5(1)ES7 is affected.
Version 11.6(1)ES8 is affected.
Version 11.5(1)ES1 is affected.
Version 11.6(1)ES1 is affected.
Version 11.5(1)ES5 is affected.
Version 11.0(1)ES1 is affected.
Version 10.5(1) is affected.
Version 11.6(1)ES6 is affected.
Version 10.5(1)ES2 is affected.
Version 12.0(1)ES1 is affected.
Version 11.0(1)ES5 is affected.
Version 10.5(1)ES5 is affected.
Version 11.5(1)ES3 is affected.
Version 11.5(1)ES2 is affected.
Version 10.5(1)ES9 is affected.
Version 11.6(1)ES5 is affected.
Version 11.6(1)ES9 is affected.
Version 11.5(1)ES6 is affected.
Version 10.5(1)ES1 is affected.
Version 12.5(1) is affected.
Version 12.0(1)ES3 is affected.
Version 11.6(1)ES10 is affected.
Version 12.5(1)ES1 is affected.
Version 12.5(1)ES2 is affected.
Version 12.0(1)ES4 is affected.
Version 12.5(1)ES3 is affected.
Version 12.0(1)ES5 is affected.
Version 12.5(1)ES4 is affected.
Version 12.0(1)ES6 is affected.
Version 12.5(1)ES5 is affected.
Version 12.5(1)ES6 is affected.
Version 12.0(1)ES7 is affected.
Version 12.6(1) is affected.
Version 12.5(1)ES7 is affected.
Version 11.6(1)ES11 is affected.
Version 12.6(1)ES1 is affected.
Version 12.0(1)ES8 is affected.
Version 12.5(1)ES8 is affected.
Version 12.6(1)ES2 is affected.
Version 12.6(1)ES3 is affected.
Version 12.6(1)ES4 is affected.
Version 12.6(1)ES5 is affected.
Version 12.5(2) is affected.
Version 12.5(1)_SU is affected.
Version 12.5(1)SU is affected.
Version 12.6(1)ES6 is affected.
Version 12.5(1)SU ES1 is affected.
Version 12.6(1)ES7 is affected.
Version 12.6(1)ES7_ET is affected.
Version 12.6(2) is affected.
Version 12.6(1)ES8 is affected.
Version 12.6(1)ES9 is affected.
Version 12.6(2)ES1 is affected.
Version 12.6(1)ES10 is affected.
Version 12.5(1)SU ES2 is affected.
Version 12.6(1)ES11 is affected.
Version 12.6(2)ES2 is affected.
Version 12.6(2)ES3 is affected.
Version 12.5(1)SU ES3 is affected.
Version 12.6(2)ES4 is affected.
Version 12.6(2)ES6 is affected.

Cisco Prime Collaboration Deployment:

Version 11.5(1) is affected.
Version 11.0(1a) is affected.
Version 11.5(1)SU1 is affected.
Version 10.5(3) is affected.
Version 12.6(1) is affected.
Version 11.0(1) is affected.
Version 11.6(2) is affected.
Version 12.1(1) is affected.
Version 12.0(1a) is affected.
Version 11.5(3) is affected.
Version 10.5(1) is affected.
Version 12.5(1) is affected.
Version 11.5(2) is affected.
Version 11.6(1) is affected.
Version 10.5(2) is affected.
Version 10.5(3)SU1 is affected.
Version 14 is affected.
Version 14SU1 is affected.
Version 14SU2 is affected.
Version 14SU3 is affected.
Version 15 is affected.
Version 15SU1 is affected.
Version 14SU4 is affected.

Cisco SocialMiner:

Version 12.5(1)ES01 is affected.
Version 10.5(1) is affected.
Version 11.6(1) is affected.
Version 10.6(1) is affected.
Version 12.0(1)ES04 is affected.
Version 10.6(2) is affected.
Version 12.5(1) is affected.
Version 11.6(2) is affected.
Version 12.0(1) is affected.
Version 12.0(1)ES02 is affected.
Version 11.0(1) is affected.
Version 11.5(1) is affected.
Version 11.5(1)SU1 is affected.
Version 12.0(1)ES03 is affected.
Version 12.5(1)SU3 is affected.
Version 12.5(1)SU1 is affected.
Version 12.5(1)SU2 is affected.

Cisco Unified Communications Manager:

Version 12.5(1)SU2 is affected.
Version 12.5(1)SU1 is affected.
Version 12.5(1) is affected.
Version 12.5(1)SU3 is affected.
Version 12.5(1)SU4 is affected.
Version 14 is affected.
Version 12.5(1)SU5 is affected.
Version 14SU1 is affected.
Version 12.5(1)SU6 is affected.
Version 14SU2 is affected.
Version 12.5(1)SU7 is affected.
Version 12.5(1)SU7a is affected.
Version 14SU3 is affected.
Version 12.5(1)SU8 is affected.
Version 12.5(1)SU8a is affected.
Version 15 is affected.
Version 15SU1 is affected.
Version 14SU4 is affected.
Version 14SU4a is affected.
Version 15SU1a is affected.
Version 12.5(1)SU9 is affected.

Cisco Unified Communications Manager IM and Presence Service:

Version 12.5(1) is affected.
Version 12.5(1)SU1 is affected.
Version 12.5(1)SU2 is affected.
Version 12.5(1)SU3 is affected.
Version 12.5(1)SU4 is affected.
Version 14 is affected.
Version 12.5(1)SU5 is affected.
Version 14SU1 is affected.
Version 12.5(1)SU6 is affected.
Version 14SU2 is affected.
Version 14SU2a is affected.
Version 12.5(1)SU7 is affected.
Version 14SU3 is affected.
Version 12.5(1)SU8 is affected.
Version 15 is affected.
Version 15SU1 is affected.
Version 14SU4 is affected.
Version 12.5(1)SU9 is affected.

Cisco Unified Contact Center Express:

Version 10.5(1)SU1 is affected.
Version 10.6(1) is affected.
Version 11.6(1) is affected.
Version 10.6(1)SU1 is affected.
Version 10.6(1)SU3 is affected.
Version 11.6(2) is affected.
Version 12.0(1) is affected.
Version 10.0(1)SU1 is affected.
Version 11.0(1)SU1 is affected.
Version 11.5(1)SU1 is affected.
Version 10.5(1) is affected.
Version 12.5(1) is affected.
Version 12.5(1)SU1 is affected.
Version 12.5(1)SU2 is affected.
Version 12.5(1)SU3 is affected.
Version 12.5(1)_SU03_ES01 is affected.
Version 12.5(1)_SU03_ES02 is affected.
Version 12.5(1)_SU02_ES03 is affected.
Version 12.5(1)_SU02_ES04 is affected.
Version 12.5(1)_SU02_ES02 is affected.
Version 12.5(1)_SU01_ES02 is affected.
Version 12.5(1)_SU01_ES03 is affected.
Version 12.5(1)_SU02_ES01 is affected.
Version 11.6(2)ES07 is affected.
Version 11.6(2)ES08 is affected.
Version 12.5(1)_SU01_ES01 is affected.
Version 12.0(1)ES04 is affected.
Version 12.5(1)ES02 is affected.
Version 12.5(1)ES03 is affected.
Version 11.6(2)ES06 is affected.
Version 12.5(1)ES01 is affected.
Version 12.0(1)ES03 is affected.
Version 12.0(1)ES01 is affected.
Version 11.6(2)ES05 is affected.
Version 12.0(1)ES02 is affected.
Version 11.6(2)ES04 is affected.
Version 11.6(2)ES03 is affected.
Version 11.6(2)ES02 is affected.
Version 11.6(2)ES01 is affected.
Version 10.6(1)SU3ES03 is affected.
Version 11.0(1)SU1ES03 is affected.
Version 10.6(1)SU3ES01 is affected.
Version 10.5(1)SU1ES10 is affected.
Version 10.0(1)SU1ES04 is affected.
Version 11.5(1)SU1ES03 is affected.
Version 11.6(1)ES02 is affected.
Version 11.5(1)ES01 is affected.
Version 9.0(2)SU3ES04 is affected.
Version 10.6(1)SU2 is affected.
Version 10.6(1)SU2ES04 is affected.
Version 11.6(1)ES01 is affected.
Version 10.6(1)SU3ES02 is affected.
Version 11.5(1)SU1ES02 is affected.
Version 11.5(1)SU1ES01 is affected.
Version 8.5(1)SU4ES09 is affected.
Version 8.5(1) is affected.
Version 11.0(1)SU1ES02 is affected.
Version 12.5(1)_SU03_ES03 is affected.
Version 12.5(1)_SU03_ES04 is affected.
Version 12.5(1)_SU03_ES05 is affected.
Version 12.5(1)_SU03_ES06 is affected.

Cisco Unified Intelligence Center:

Version 11.6(1) is affected.
Version 10.5(1) is affected.
Version 11.0(1) is affected.
Version 11.5(1) is affected.
Version 12.0(1) is affected.
Version 12.5(1) is affected.
Version 11.0(2) is affected.
Version 12.6(1) is affected.
Version 12.5(1)SU is affected.
Version 12.6(1)_ET is affected.
Version 12.6(1)_ES05_ET is affected.
Version 11.0(3) is affected.
Version 12.6(2) is affected.
Version 12.6(2)_504_Issue_ET is affected.
Version 12.6.1_ExcelIssue_ET is affected.
Version 12.6(2)_Permalink_ET is affected.
Version 12.6.2_CSCwk19536_ET is affected.
Version 12.6.2_CSCwm96922_ET is affected.
Version 12.6.2_Amq_OOS_ET is affected.
Version 12.5(2)ET_CSCwi79933 is affected.
Version 12.6(2)_ET is affected.
Version 12.6.2_CSCwn48501_ET is affected.

Cisco Unity Connection:

Version 12.5(1) is affected.
Version 12.5(1)SU1 is affected.
Version 12.5(1)SU2 is affected.
Version 12.5(1)SU3 is affected.
Version 12.5(1)SU4 is affected.
Version 14 is affected.
Version 12.5(1)SU5 is affected.
Version 14SU1 is affected.
Version 12.5(1)SU6 is affected.
Version 14SU2 is affected.
Version 12.5(1)SU7 is affected.
Version 14SU3 is affected.
Version 12.5(1)SU8 is affected.
Version 14SU3a is affected.
Version 12.5(1)SU8a is affected.
Version 15 is affected.
Version 15SU1 is affected.
Version 14SU4 is affected.
Version 12.5(1)SU9 is affected.

Cisco Virtualized Voice Browser:

Version 11.0(1) is affected.
Version 11.6(1)_ES84 is affected.
Version 11.5(1)_ES54 is affected.
Version 11.5(1)_ES27 is affected.
Version 11.5(1) is affected.
Version 11.5(1)ES36 is affected.
Version 12.0(1)_ES01 is affected.
Version 11.6(1)_ES85 is affected.
Version 12.5(1)_ES05 is affected.
Version 11.5(1)_ES32 is affected.
Version 11.6(1)_ES83 is affected.
Version 11.5(1)_ES29 is affected.
Version 12.0(1)_ES06 is affected.
Version 12.5(1) is affected.
Version 12.0(1)_ES07 is affected.
Version 11.6(1)_ES80 is affected.
Version 12.0(1)_ES05 is affected.
Version 11.5(1)_ES36 is affected.
Version 11.5(1)_ES53 is affected.
Version 12.5(1)_ES08 is affected.
Version 11.5(1)ES43 is affected.
Version 12.0(1)_ES03 is affected.
Version 11.6(1)_ES86 is affected.
Version 12.0(1)_ES04 is affected.
Version 11.5(1)ES27 is affected.
Version 12.5(1)_ES03 is affected.
Version 11.6(1)_ES88 is affected.
Version 12.5(1)_ES06 is affected.
Version 11.6(1)_ES82 is affected.
Version 11.6(1) is affected.
Version 11.5(1)ES29 is affected.
Version 12.5(1)_ES04 is affected.
Version 12.5(1)_ES07 is affected.
Version 11.6(1)_ES87 is affected.
Version 11.6(1)_ES81 is affected.
Version 12.0(1) is affected.
Version 11.6(1)_ES22 is affected.
Version 11.5(1)_ES43 is affected.
Version 11.5(1)ES32 is affected.
Version 12.0(1)_ES02 is affected.
Version 12.5(1)_ES02 is affected.
Version 12.6(1) is affected.
Version 12.5(1)_ES09 is affected.
Version 12.6(1)_ES01 is affected.
Version 12.0(1)_ES08 is affected.
Version 12.5(1)_ES10 is affected.
Version 12.6(1)_ES02 is affected.
Version 12.5(1)_ES11 is affected.
Version 12.5(1)_ES12 is affected.
Version 12.6(1)_ES03 is affected.
Version 12.5(1)_ES13 is affected.
Version 12.5(1)_ES14 is affected.
Version 12.6(1)_ES04 is affected.
Version 12.6(1)_ES05 is affected.
Version 12.5(1)_ES15 is affected.
Version 12.6(1)_ES06 is affected.
Version 12.6(1)_ET is affected.
Version 12.5(1)_ES16 is affected.
Version 12.5(1)SU is affected.
Version 12.5(1)_SU is affected.
Version 12.5(1)_SU_ES01 is affected.
Version 12.6(1)_ES07 is affected.
Version 12.6(2) is affected.
Version 12.5(1)_ES17 is affected.
Version 12.6(1)_ES08 is affected.
Version 12.6(1)_ES09 is affected.
Version 12.6(1)_ES10 is affected.
Version 12.5(1)_SU_ES02 is affected.
Version 12.6(2)_ES01 is affected.
Version 12.6(2)_ET01 is affected.
Version 12.5(2)_ET is affected.
Version 12.6(2)_ES02 is affected.
Version 12.6(2)_ET_Streaming is affected.
Version 12.6(2)ET_Transcribe is affected.
Version 12.6(2)_ES03 is affected.
Version 12.6(2)ET_NuanceMix is affected.
Version 12.6(2)ET_FileUpload is affected.
Version 12.6(2)_ET02 is affected.
Version 12.6(2)_ES04 is affected.
Version 12.6.2ET_RTPfallback is affected.
Version 12.6.2ET_CSCwf55306 is affected.
Version 12.6.2_ET_CSCwj36712 is affected.
Version 12.5.2 ET-CSCwj33374 is affected.
Version 12.5(1) SU ET is affected.
Version 12.6(2)ET_CSCwj87296 is affected.
Version 12.6(2)_ES05 is affected.
Version 12.5.2_ET_CSCvz27014 is affected.
Version 12.6(2)_ET is affected.
Version 12.6.2-ET is affected.
Version 12.6(2)ET_CSCwk83135 is affected.
Version 12.6.2_ET_CX_ALAW is affected.
Version 12.6.2-ET01-SSL is affected.
Version 12.6(2)_ES06 is affected.

Exploit Probability

EPSS

0.02%

Percentile

4.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.