CVE-2025-20377

Name of the Vulnerable Software and Affected Versions Cisco Unified Intelligence Center (affected versions not specified)

Description A flaw exists in the API subsystem that may allow a remote attacker with valid credentials to access sensitive information. This is caused by insufficient validation of requests to certain API endpoints. An attacker could exploit this by sending a request to a specific API endpoint, potentially allowing a low-privileged user to view restricted information. The affected API endpoints are not explicitly specified, but the issue relates to bypassing endpoint validation within the Cisco Unified Intelligence Center.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.