What is CVE-2025-20112?

CVE-2025-20112 is a medium-severity vulnerability in Cisco Emergency Responder, classified under Privilege Chaining. CVSS score: 5.1/10. Published 2025-05-21.

How severe is CVE-2025-20112?

Medium severity. CVSS v3 base score is 5.1 out of 10.

Vulnerability in Cisco Emergency Responder

CVE-2025-20112

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive perm…

EPSS: 0.001 (21.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N.

Affected products

Cisco Emergency Responder — versions 12.5(1a), 12.5(1)SU1, 12.5(1)
Cisco Finesse — versions 11.0(1)ES_Rollback, 10.5(1)ES4, 11.6(1)ES3
Cisco Prime Collaboration Deployment — versions 11.5(1), 11.0(1a), 11.5(1)SU1
Cisco Socialminer — versions 12.5(1)ES01, 10.5(1), 11.6(1)
Cisco Unified Communications Manager — versions 12.5(1)SU2, 12.5(1)SU1, 12.5(1)
Cisco Unified Communications Manager Im And Presence Service — versions 12.5(1), 12.5(1)SU1, 12.5(1)SU2
Cisco Unified Contact Center Express — versions 10.5(1)SU1, 10.6(1), 11.6(1)
Cisco Unified Intelligence Center — versions 11.6(1), 10.5(1), 11.0(1)
Cisco Unity Connection — versions 12.5(1), 12.5(1)SU1, 12.5(1)SU2
Cisco Virtualized Voice Browser — versions 11.0(1), 11.6(1)_ES84, 11.5(1)_ES54

Weakness classification (CWE)

CWE-268 — Privilege Chaining

References

cisco-sa-cucm-kkhZbHR5

Frequently asked questions

What is CVE-2025-20112?: CVE-2025-20112 is a medium-severity vulnerability in Cisco Emergency Responder, classified under Privilege Chaining. CVSS score: 5.1/10. Published 2025-05-21.
How severe is CVE-2025-20112?: Medium severity. CVSS v3 base score is 5.1 out of 10.