Multiple Vulnerabilities in Cisco Unified Intelligence Center, Unified Contact Center Express, and Identity Services Engine

26 May 2025

Cisco has released security updates addressing multiple vulnerabilities in Cisco products. Users and administrators of affected products are advised to update to the latest versions.

Multiple Vulnerabilities in Cisco Unified Intelligence Center, Unified Contact Center Express, and Identity Services Engine

Background

Cisco has released security updates addressing multiple vulnerabilities (CVE-2025-20113 and CVE-2025-20152) in Cisco Unified Intelligence Center, Unified Contact Center Express, and Identity Services Engine.

Impact

The vulnerabilities are:

CVE-2025-20113: Successful exploitation of the vulnerability could allow an authenticated, remote attacker to conduct privilege escalation attacks on the vulnerable system.
CVE-2025-20152: Successful exploitation of the vulnerability could allow an authenticated, remote attacker to conduct denial of service attacks on the vulnerable product.

Affected Products

The vulnerabilities affect the following products:

CVE-2025-20113

Cisco Unified Intelligence Center versions 12.5 and 12.6
Cisco Unified Contact Center Express versions 12.5(1)SU3 and earlier

CVE-2025-20152

Cisco Identity Services Engine version 3.4

Mitigation

Users and administrators of affected products are advised to update to the latest versions.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-20113

https://nvd.nist.gov/vuln/detail/CVE-2025-20152

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Multiple Vulnerabilities in Cisco Unified Intelligence Center, Unified Contact Center Express, and Identity Services Engine

Reach us