Skip to main content

Call Management System EUVDEUVD-2025-17628

| CVE-2025-1041 CRITICAL
Improper Input Validation (CWE-20)
2025-06-10 securityalerts@avaya.com
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 05:55 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
20.0.1.0,19.2.0.7
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17628
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 06:15 nvd
CRITICAL 9.9

DescriptionCVE.org

An improper input validation discovered in

Avaya Call Management System could allow an unauthorized

remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.

AnalysisAI

CVE-2025-1041 is a security vulnerability (CVSS 9.9) that allows an unauthorized remote command. Critical severity with potential for significant impact on affected systems.

Technical ContextAI

CWE-20 (Improper Input Validation). CVSS 9.9 indicates critical severity with likely remote exploitation vector.

RemediationAI

Monitor vendor channels for patch availability.

Share

EUVD-2025-17628 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy