Cisco has released urgent security updates to address two privilege escalation vulnerabilities—CVE-2025-20113 and CVE-2025-20114—in its Unified Intelligence Center (UIC) platform, a core component of several Cisco contact center solutions.
These flaws, disclosed on May 21, 2025, impact not only standalone UIC deployments but also Packaged Contact Center Enterprise (Packaged CCE), Unified Contact Center Enterprise (Unified CCE), and Unified Contact Center Express (Unified CCX), as the latter bundles UIC by default.
The most severe vulnerability, CVE-2025-20113, carries a CVSS base score of 7.1 (High) and arises from insufficient server-side validation of user-supplied parameters in API or HTTP requests.
This flaw allows an authenticated, remote attacker to escalate their privileges to Administrator for a limited set of functions.
By submitting a specially crafted API or HTTP request, an attacker could access, modify, or delete sensitive data beyond their authorized access, potentially exposing critical information stored in the system.
The second vulnerability, CVE-2025-20114, is rated Medium severity with a CVSS score of 4.3. It enables horizontal privilege escalation through insecure direct object reference (IDOR) attacks.
An authenticated attacker could exploit insufficient validation in API requests to access data belonging to other users on the same system, compromising confidentiality and privacy.
Technical Details and Exploitation Risks
The vulnerabilities are not interdependent, meaning exploitation of one is not required to exploit the other.
Both stem from improper handling and validation of user-supplied parameters in API or HTTP requests:
- CVE-2025-20113: The core issue is a lack of robust server-side validation, allowing attackers to manipulate parameters and gain unauthorized administrative access. The attack vector is remote, requiring only authenticated access and no user interaction. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N, indicating network-based exploitation with low complexity and limited privileges required.
- CVE-2025-20114: This flaw is rooted in insufficient validation of API parameters, exposing the system to IDOR attacks. Attackers can craft API requests to access data tied to other users, breaching data segmentation and confidentiality. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
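The two root causes the advisory cites (a privilege claim the client supplies and the server trusts, and a user-controlled object key) are easiest to see side by side in a small API handler. The following is an added illustration written for this article, not Cisco code and not an exploit for UIC; the report store, user roles, `Session` type and parameter names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample data standing in for a reporting backend (not Cisco's code).
REPORTS = {
    101: {"owner": "alice", "title": "Q1 agent stats"},
    102: {"owner": "bob", "title": "Billing export"},
}
ROLES = {"alice": "reporter", "bob": "reporter", "carol": "admin"}


@dataclass(frozen=True)
class Session:
    user: str  # identity bound to the authenticated session, not to the request


def vulnerable_handle(session: Session, action: str, params: dict) -> tuple:
    """Authorization decided from client-supplied parameters.
    'owner' is a user-controlled key (CWE-639) and 'role' is a client-side
    privilege claim the server merely echoes back (CWE-602)."""
    report = REPORTS.get(int(params["report_id"]))
    if report is None:
        return 404, None
    if action == "read":
        if params.get("owner", session.user) != report["owner"]:
            return 403, None
        return 200, report["title"]
    if action == "delete":
        if params.get("role", ROLES[session.user]) != "admin":
            return 403, None
        return 200, f"deleted {params['report_id']}"
    return 400, None


def hardened_handle(session: Session, action: str, params: dict) -> tuple:
    """Same API surface, authorization derived only from server-side state:
    identity and role from the session, ownership from the stored record, and
    an object the caller may not read is indistinguishable from a missing one."""
    try:
        report_id = int(params["report_id"])
    except (KeyError, ValueError):
        return 400, None
    report = REPORTS.get(report_id)
    role = ROLES[session.user]
    if action == "read":
        if report is None or (report["owner"] != session.user and role != "admin"):
            return 404, None
        return 200, report["title"]
    if action == "delete":
        if role != "admin":
            return 403, None
        return (404, None) if report is None else (200, f"deleted {report_id}")
    return 400, None
```

The request shapes are identical for both handlers, so the only thing that changes the outcome is where the server takes its authorization facts from.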
No workarounds are available for either vulnerability, making prompt patching essential. Cisco has released fixed software versions for affected product lines:
| Product | Affected Versions | First Fixed Release |
|---|---|---|
| Unified Intelligence Center | 12.5, 12.6 | 12.5(1)SU ES04, 12.6(2)ES04 |
| Unified Intelligence Center | 15 | Not vulnerable |
| Unified CCX | 12.5(1)SU3 and earlier | Migrate to fixed release |
| Unified CCX | 15 | Not vulnerable |
Urgent Remediation and Industry Response
Cisco urges all customers using affected versions to upgrade immediately to the fixed releases.
The company has confirmed that no public reports or active exploits have been observed as of the advisory’s publication, but the risk of data compromise and privilege abuse is significant if left unaddressed.
The vulnerabilities have been cataloged under CWE-602 (Client-Side Enforcement of Server-Side Security) and CWE-639 (Authorization Bypass Through User-Controlled Key), highlighting the technical root causes.
Security professionals recommend regular review of Cisco advisories and prompt application of patches to maintain robust security postures.
As Cisco continues to address security flaws across its product suite, organizations are reminded that timely patch management and vigilant monitoring are critical in defending against evolving threats.