CVE-2025-1041

EPSS 0.14%
Published 10.06.2025 06:15:22
Last modified 30.07.2025 17:59:01
Source securityalerts@avaya.com
Teams watchlist Login
Open Login

An improper input validation discovered in 

Avaya Call Management System
could allow an unauthorized 

remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Avaya ≫ Call Management System Version >= 18.0.0.1 < 19.2.0.7

Avaya ≫ Call Management System Version >= 20.0 < 20.0.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.34

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
securityalerts@avaya.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://support.avaya.com/css/public/documents/101093084

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-1041

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1041

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1041

EUVD