PT-2025-22376 · Cisco+1 · Cisco Unified Communications/Contact Center Solutions+1

Published: 2025-05-21 · Updated: 2025-05-21 · CVE-2025-20112

CVSS v2.0: 5.2 (Medium)

Vector: AV:L/AC:L/Au:S/C:P/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Unified Communications and Contact Center Solutions products (affected versions not specified)

Description

A vulnerability in the system could allow an authenticated, local attacker to elevate privileges to root on an affected device. This issue is due to excessive permissions assigned to system commands. An attacker could exploit this by executing crafted commands on the underlying operating system, potentially allowing them to escape the restricted shell and gain root privileges. To exploit this, an attacker would need administrative access to the ESXi hypervisor.

Recommendations

To resolve the issue, apply the necessary patches or updates to the affected Cisco Unified Communications and Contact Center Solutions products. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2025-06730
CVE-2025-20112

Affected Products

Cisco Unified Communications/Contact Center Solutions
ESXi