π¨
SEVERITY: MEDIUM β CVSS 4.3
Security Advisory
TL;DR π
- A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to theβ¦
- No fixed release listed yet; apply mitigations and monitor.
- Workarounds are documented in the advisory.
- CVEs: CVE-2025-20129.
What happened π΅οΈββοΈ
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.