CVE-2025-20277

LOW

Cisco Unified CCX - Authenticated RCE

Title source: llm

Description

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL

Scores

CVSS v3 3.4

EPSS 0.0011

EPSS Percentile 29.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (50)

cisco/unified_contact_center_express 8.5\(1\)

cisco/unified_contact_center_express 9.0\(2\)su3es04

cisco/unified_contact_center_express 10.0\(1\)su1

cisco/unified_contact_center_express 10.0\(1\)su1es04

cisco/unified_contact_center_express 10.5\(1\)

cisco/unified_contact_center_express 10.5\(1\)su1

cisco/unified_contact_center_express 10.5\(1\)su1es10

cisco/unified_contact_center_express 10.6\(1\)

cisco/unified_contact_center_express 10.6\(1\)su1

cisco/unified_contact_center_express 10.6\(1\)su2

... and 40 more

Published Jun 04, 2025

Tracked Since Feb 18, 2026