PT-2025-24615 · Avaya · Avaya Call Management System
Roberto Olivero · Published 2025-06-10 · Updated 2026-05-26
CVE-2025-1041
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Avaya Call Management System versions 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
Description
Improper input validation in Avaya Call Management System could allow execution of an unauthorized remote command via a specially crafted web request.
Recommendations
For versions 18.x, consider applying a patch or fix when available.
For versions 19.x prior to 19.2.0.7, update to version 19.2.0.7 or later.
For versions 20.x prior to 20.0.1.0, update to version 20.0.1.0 or later.
As a temporary workaround, consider restricting access to the web request interface to minimize the risk of exploitation.
Fix
RCE
Affected Products
Avaya Call Management System