CVE-2025-20276

CWE-502Deserialization of Untrusted DataCWE-22Path TraversalCWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
7.2HIGH
EPSS
1.5%
top 18.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Unified Contact Center ExpressCisco Unified Contact Center Express
Timeline
PublishedJun 4

Description

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by sending a crafted Java object to an affected device. A successful exploit could allow the attacke

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Cisco Unified Contact Center Express Remote Code Execution Vulnerability2025-06-04
GHSA
GHSA-v453-hjcv-294p: A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on2025-06-04

📋Vendor Advisories

1
Cisco
Cisco Unified Contact Center Express Vulnerabilities2025-06-04
CVE-2025-20276 (HIGH CVSS 7.2) | A vulnerability in the web-based ma | cvebase.io