CVE-2025-20374

CWE-22Path TraversalCWE-200Information ExposureCWE-434Unrestricted File Upload4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.2%
top 61.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Contact Center ExpressCisco Cisco Unified Contact Center Express
Timeline
PublishedNov 5

Description

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDcisco/unified_contact_center_express< 12.5\(1\)_su03_es07+1

🔴Vulnerability Details

2
GHSA
GHSA-gp2g-3xx9-59fw: A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary2025-11-05
CVEList
Cisco Unified Contact Center Express Arbitrary File Download Vulnerability2025-11-05

📋Vendor Advisories

1
Cisco
Multiple Cisco Contact Center Products Vulnerabilities2025-11-05
CVE-2025-20374 (MEDIUM CVSS 4.9) | A vulnerability in the web UI of Ci | cvebase.io