CVE-2025-20139

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20139
A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
History

06 Aug 2025, 20:03

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
First Time Cisco enterprise Chat And Email
Cisco
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8 - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8 - Vendor Advisory

07 Apr 2025, 14:18

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en las funciones de mensajería de chat de Cisco Enterprise Chat and Email (ECE) podría permitir que un atacante remoto no autenticado provoque una denegación de servicio (DoS). Esta vulnerabilidad se debe a una validación incorrecta de la información proporcionada por el usuario en los puntos de entrada del chat. Un atacante podría explotar esta vulnerabilidad enviando solicitudes maliciosas a un punto de entrada del chat de la aplicación afectada. Si se explota con éxito, el atacante podría provocar que la aplicación deje de responder, lo que provocaría una denegación de servicio (DoS). Es posible que la aplicación no se recupere por sí sola y que un administrador deba reiniciar los servicios manualmente.

02 Apr 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-02 17:15

Updated : 2025-08-06 20:03

NVD link : CVE-2025-20139

Mitre link : CVE-2025-20139

CVE.ORG link : CVE-2025-20139

JSON object : View

Products Affected

cisco

  • enterprise_chat_and_email
CWE
CWE-185

Incorrect Regular Expression