CVE-2025-20361

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified)

Description A flaw exists in the web-based management interface that may allow a remote attacker with administrative privileges to perform a cross-site scripting (XSS) attack against a user of the interface. The issue is due to improper validation of user-supplied input. Successful exploitation could allow an attacker to execute arbitrary script code within the affected interface or gain access to sensitive, browser-based information. The attacker must possess valid administrative credentials to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.