CVE-2025-20375Unrestricted File Upload in Cisco Unified Contact Center Express

CWE-434Unrestricted File UploadCWE-200Sensitive Information ExposureCWE-22Path Traversal4 documents4 sources
Severity
7.2HIGHNVD
CNA6.5
EPSS
0.1%
top 84.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Contact Center ExpressCisco Unified Contact Center Express
Timeline
PublishedNov 5

Description

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a crafted file to the web UI. A successful exploit could allow the attacker to upload arbitrary files to a vulnerable system and execute them, gaining access to the underlying operating system. To exploit th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDcisco/unified_contact_center_express< 12.5\(1\)_su03_es07+1

🔴Vulnerability Details

2
GHSA
GHSA-vcvf-6gw2-rm4v: A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files2025-11-05
CVEList
Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability2025-11-05

📋Vendor Advisories

1
Cisco
Multiple Cisco Contact Center Products Vulnerabilities2025-11-05
CVE-2025-20375 — Unrestricted File Upload in Cisco | cvebase