CVE-2025-20377: Authenticated API Info Leak in Cisco UIC
CVE-2025-20377 Published on November 5, 2025
Cisco Unified Intelligence Center API Information Disclosure Vulnerability
A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system.
This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system.
Vulnerability Analysis
CVE-2025-20377 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-20377 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2025-20377
Want to know whenever a new CVE is published for Cisco products? stack.watch will email you.
Affected Versions
Cisco Packaged Contact Center Enterprise:- Version 12.5(1) is affected.
- Version 11.0(1) is affected.
- Version 12.0(1) is affected.
- Version 11.0(2) is affected.
- Version 11.5(1) is affected.
- Version 10.5(1) is affected.
- Version 10.5(2) is affected.
- Version 11.6(2) is affected.
- Version 10.5(1)_ES7 is affected.
- Version 11.6(1) is affected.
- Version 10.5(2)_ES8 is affected.
- Version 12.6(1) is affected.
- Version 12.5(2) is affected.
- Version 12.6(2) is affected.
- Version 15.0(1) is affected.
- Version 12.6(1)ES3 is affected.
- Version 12.6(1)ES1 is affected.
- Version 12.6(1) is affected.
- Version 12.6(1)ES2 is affected.
- Version 12.6(1)SecurityPatch is affected.
- Version 12.5(1)ES1 is affected.
- Version 12.5(1) is affected.
- Version 12.6(1)ES4 is affected.
- Version 11.0(1) is affected.
- Version 10.5(1) is affected.
- Version 12.0(1) is affected.
- Version 10.5 is affected.
- Version 11.0 is affected.
- Version 11.5 is affected.
- Version 12.6(2) is affected.
- Version 12.6(2)ES1 is affected.
- Version 12.6(2)ES2 is affected.
- Version 15.0(1) is affected.
- Version 12.6(2)ES3 is affected.
- Version 15.0(1)ET01 is affected.
- Version 15.0(1)_SP1 is affected.
- Version 10.5(1)SU1 is affected.
- Version 10.6(1) is affected.
- Version 11.6(1) is affected.
- Version 10.6(1)SU1 is affected.
- Version 10.6(1)SU3 is affected.
- Version 11.6(2) is affected.
- Version 12.0(1) is affected.
- Version 11.0(1)SU1 is affected.
- Version 11.5(1)SU1 is affected.
- Version 10.5(1) is affected.
- Version 12.5(1) is affected.
- Version 12.5(1)SU1 is affected.
- Version 12.5(1)SU2 is affected.
- Version 12.5(1)SU3 is affected.
- Version 12.5(1)_SU03_ES01 is affected.
- Version 12.5(1)_SU03_ES02 is affected.
- Version 12.5(1)_SU02_ES03 is affected.
- Version 12.5(1)_SU02_ES04 is affected.
- Version 12.5(1)_SU02_ES02 is affected.
- Version 12.5(1)_SU01_ES02 is affected.
- Version 12.5(1)_SU01_ES03 is affected.
- Version 12.5(1)_SU02_ES01 is affected.
- Version 11.6(2)ES07 is affected.
- Version 11.6(2)ES08 is affected.
- Version 12.5(1)_SU01_ES01 is affected.
- Version 12.0(1)ES04 is affected.
- Version 12.5(1)ES02 is affected.
- Version 12.5(1)ES03 is affected.
- Version 11.6(2)ES06 is affected.
- Version 12.5(1)ES01 is affected.
- Version 12.0(1)ES03 is affected.
- Version 12.0(1)ES01 is affected.
- Version 11.6(2)ES05 is affected.
- Version 12.0(1)ES02 is affected.
- Version 11.6(2)ES04 is affected.
- Version 11.6(2)ES03 is affected.
- Version 11.6(2)ES02 is affected.
- Version 11.6(2)ES01 is affected.
- Version 10.6(1)SU3ES03 is affected.
- Version 11.0(1)SU1ES03 is affected.
- Version 10.6(1)SU3ES01 is affected.
- Version 10.5(1)SU1ES10 is affected.
- Version 11.5(1)SU1ES03 is affected.
- Version 11.6(1)ES02 is affected.
- Version 11.5(1)ES01 is affected.
- Version 10.6(1)SU2 is affected.
- Version 10.6(1)SU2ES04 is affected.
- Version 11.6(1)ES01 is affected.
- Version 10.6(1)SU3ES02 is affected.
- Version 11.5(1)SU1ES02 is affected.
- Version 11.5(1)SU1ES01 is affected.
- Version 11.0(1)SU1ES02 is affected.
- Version 12.5(1)_SU03_ES03 is affected.
- Version 12.5(1)_SU03_ES04 is affected.
- Version 12.5(1)_SU03_ES05 is affected.
- Version UCCX 15.0.1 is affected.
- Version 12.5(1)_SU03_ES06 is affected.
- Version 11.6(1) is affected.
- Version 10.5(1) is affected.
- Version 11.0(1) is affected.
- Version 11.5(1) is affected.
- Version 12.0(1) is affected.
- Version 12.5(1) is affected.
- Version 11.0(2) is affected.
- Version 12.6(1) is affected.
- Version 12.5(1)SU is affected.
- Version 12.6(1)_ET is affected.
- Version 12.6(1)_ES05_ET is affected.
- Version 11.0(3) is affected.
- Version 12.6(2) is affected.
- Version 12.6(2)_504_Issue_ET is affected.
- Version 12.6.1_ExcelIssue_ET is affected.
- Version 12.6(2)_Permalink_ET is affected.
- Version 12.6.2_CSCwk19536_ET is affected.
- Version 12.6.2_CSCwm96922_ET is affected.
- Version 12.6.2_Amq_OOS_ET is affected.
- Version 12.5(2)ET_CSCwi79933 is affected.
- Version 12.6(2)_ET is affected.
- Version 12.6.2_CSCwn48501_ET is affected.
- Version 15.0(1) is affected.
- Version 12.6.2_CSCwp61293_ET is affected.
- Version 12.6.2_CSCwp92614_ET is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.