CVE-2025-20129

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd

Configurations

No configuration.

History

05 Jun 2025, 20:12

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-04 17:15

Updated : 2025-06-05 20:12

NVD link : CVE-2025-20129

Mitre link : CVE-2025-20129

CVE.ORG link : CVE-2025-20129

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-20129", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-06-04T17:15:25.407", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd", "source": "psirt@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.\r\n\r\nThis vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de chat web de Cisco Customer Collaboration Platform (CCP), anteriormente Cisco SocialMiner, podr\u00eda permitir que un atacante remoto no autenticado persuada a los usuarios para que revelen informaci\u00f3n confidencial. Esta vulnerabilidad se debe a una depuraci\u00f3n inadecuada de las solicitudes HTTP enviadas a la interfaz de chat web. Un atacante podr\u00eda explotar esta vulnerabilidad enviando solicitudes HTTP manipuladas a la interfaz de chat de un usuario objetivo en un servidor vulnerable. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante redirigir el tr\u00e1fico de chat a un servidor bajo su control, lo que resultar\u00eda en la redirecci\u00f3n de informaci\u00f3n confidencial."}], "lastModified": "2025-06-05T20:12:23.777", "sourceIdentifier": "psirt@cisco.com"}