CVE-2025-1041

{"id": "CVE-2025-1041", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "securityalerts@avaya.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2025-06-10T06:15:22.000", "references": [{"url": "https://support.avaya.com/css/public/documents/101093084", "source": "securityalerts@avaya.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "securityalerts@avaya.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An improper input validation discovered in \n\nAvaya Call Management System\ncould allow an unauthorized \n\nremote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0."}, {"lang": "es", "value": "Una validaci\u00f3n de entrada incorrecta detectada en Avaya Call Management System podr\u00eda permitir un comando remoto no autorizado mediante una solicitud web especialmente manipulada. Las versiones afectadas incluyen la 18.x, la 19.x anterior a la 19.2.0.7 y la 20.x anterior a la 20.0.1.0."}], "lastModified": "2025-06-12T16:06:39.330", "sourceIdentifier": "securityalerts@avaya.com"}