CVE-2025-20361 Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability

🗓️ 01 Oct 2025 16:12:22Reported by ciscoType

Authenticated attacker can trigger stored XSS in Cisco Unified Communications Manager interface with admin creds.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-20361	1 Oct 202516:59	–	circl
Cisco	Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability	1 Oct 202516:00	–	cisco
CNNVD	Cisco Unified Communications Manager 跨站脚本漏洞	1 Oct 202500:00	–	cnnvd
CVE	CVE-2025-20361	1 Oct 202516:12	–	cve
EUVD	EUVD-2025-32024	3 Oct 202520:07	–	euvd
NVD	CVE-2025-20361	1 Oct 202517:15	–	nvd
Positive Technologies	PT-2025-40268	1 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-20361	2 Oct 202516:51	–	redhatcve
Vulnrichment	CVE-2025-20361 Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability	1 Oct 202516:12	–	vulnrichment

[
  {
    "vendor": "Cisco",
    "product": "Cisco Unified Communications Manager",
    "versions": [
      {
        "version": "12.5(1)SU2",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU1",
        "status": "affected"
      },
      {
        "version": "12.5(1)",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU3",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU4",
        "status": "affected"
      },
      {
        "version": "14",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU5",
        "status": "affected"
      },
      {
        "version": "14SU1",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU6",
        "status": "affected"
      },
      {
        "version": "14SU2",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU7",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU7a",
        "status": "affected"
      },
      {
        "version": "14SU3",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU8",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU8a",
        "status": "affected"
      },
      {
        "version": "15",
        "status": "affected"
      },
      {
        "version": "15SU1",
        "status": "affected"
      },
      {
        "version": "14SU4",
        "status": "affected"
      },
      {
        "version": "14SU4a",
        "status": "affected"
      },
      {
        "version": "15SU1a",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU9",
        "status": "affected"
      },
      {
        "version": "15SU2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-stored-xss-Fnj66YLy

01 Oct 2025 16:12Current

CVSS 3.14.8

EPSS0.00202