CVE-2025-20288
high-risk
Published 2025-07-16
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.
Do I need to act?
-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.8/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (1)
50
/ 100
high-risk
Severity
22/34 · High
Exploitability
0/34 · Minimal
Exposure
28/34 · Critical