Skip to main content

Socialminer CVE-2025-20278

| EUVDEUVD-2025-16884 MEDIUM
Command Injection (CWE-77)
2025-06-04 psirt@cisco.com
6.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 17:29 euvd
EUVD-2025-16884
Analysis Generated
Mar 14, 2026 - 17:29 vuln.today
CVE Published
Jun 04, 2025 - 17:15 nvd
MEDIUM 6.0

DescriptionCVE.org

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.

This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

Analysis

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.

This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

Technical ContextAI

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells.

RemediationAI

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

CVE-2017-12337 CRITICAL
9.8 Nov 16

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System softw

CVE-2017-12216 HIGH
8.8 Sep 07

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to

CVE-2017-6702 MEDIUM
6.1 Jul 04

A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a c

CVE-2019-1668 MEDIUM
6.1 Jan 24

A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform

CVE-2018-15435 MEDIUM
6.1 Oct 17

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attack

CVE-2018-0290 MEDIUM
5.3 May 17

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial

CVE-2013-5489 MEDIUM
5.0 Sep 13

The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remo

CVE-2013-5492 MEDIUM
5.0 Sep 13

administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network

CVE-2013-5483 MEDIUM
4.3 Sep 08

Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbit

CVE-2015-6356 MEDIUM
4.3 Nov 04

Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inj

CVE-2025-20129 MEDIUM
4.3 Jun 04

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMin

Share

CVE-2025-20278 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy