Avaya · Avaya Call Management System · CVE-2025-1041
**Name of the Vulnerable Software and Affected Versions**
Avaya Call Management System versions 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
**Description**
An improper input validation in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request.
**Recommendations**
For versions 18.x, consider applying a patch or fix when available.
For versions 19.x prior to 19.2.0.7, update to version 19.2.0.7 or later.
For versions 20.x prior to 20.0.1.0, update to version 20.0.1.0 or later.
As a temporary workaround, consider restricting access to the web request interface to minimize the risk of exploitation.