CVE-2025-20274 — Unrestricted File Upload in Cisco Unified Contact Center Express

CWE-434 — Unrestricted File Upload4 documents4 sources

Severity

8.8HIGHNVD

CNA6.3

EPSS

0.4%

top 42.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Contact Center Express Cisco Unified Intelligence Center Cisco Unified Contact Center Express +1 more

Timeline

PublishedJul 16

Description

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDcisco/unified_intelligence_center13 versions+12

▶CVEListV5cisco/cisco_unified_intelligence_center22 versions+21

▶NVDcisco/unified_contact_center_express56 versions+55

▶CVEListV5cisco/cisco_unified_contact_center_express56 versions+55

🔴Vulnerability Details

GHSA

GHSA-phq6-884q-fxgr: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arb↗2025-07-16

▶

CVEList

Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability↗2025-07-16

▶

📋Vendor Advisories

Cisco

Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability↗2025-07-16

▶