CVE-2025-20275

CWE-502Deserialization of Untrusted Data4 documents4 sources
Severity
7.8HIGH
EPSS
0.6%
top 29.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Unified Contact Center ExpressCisco Unified Contact Center Express
Timeline
PublishedJun 4

Description

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-wh83-8497-cgfq: A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to ex2025-06-04
CVEList
Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability2025-06-04

📋Vendor Advisories

1
Cisco
Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability2025-06-04
CVE-2025-20275 (HIGH CVSS 7.8) | A vulnerability in the file opening | cvebase.io