CVE-2025-1041

Critical CVSS: 9.9

An improper input validation discovered in

Avaya Call Management System
could allow an unauthorized

remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.

Vendor

Avaya

Product

Call Management System

CWE

CWE-20

Yayın Tarihi

2025-06-10 06:15:22

Güncelleme

2025-07-30 17:59:01

Source Identifier

securityalerts@avaya.com

KEV Date Added

Kategoriler

CWE-20 Call Management System CRITICAL Avaya 2025

Referanslar

https://support.avaya.com/css/public/documents/101093084

Benzer Kayıtlar

Medium

CVE-2025-49186

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short tim…

High

CVE-2024-12755

A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential di…

High

CVE-2024-12756

An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of…