Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2025-1041

An improper input validation discovered in

Avaya Call Management System could allow an unauthorized

remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.

  • Published: Jun 10, 2025
  • Updated: Jul 31, 2025
  • CVE: CVE-2025-1041
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Software From Fixed in
avaya / call_management_system 18.0.0.1 19.2.0.7
avaya / call_management_system 20.0 20.0.1.0