CVE-2025-20376Unrestricted File Upload in Cisco Unified Contact Center Express

CWE-434Unrestricted File UploadCWE-200Sensitive Information ExposureCWE-22Path Traversal4 documents4 sources
Severity
7.2HIGHNVD
CNA6.5
EPSS
0.0%
top 86.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Contact Center ExpressCisco Unified Contact Center Express
Timeline
PublishedNov 5

Description

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a malicious file to the web UI and executing it. A successful exploit could allow the attacker to execute arbitrary commands on the underlying system and elevate privileges to root. To exploit this vulnera

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDcisco/unified_contact_center_express< 12.5\(1\)_su03_es07+1

🔴Vulnerability Details

2
GHSA
GHSA-x3h8-2mvf-vv78: A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files2025-11-05
CVEList
Cisco Unified Contact Center Express Remote Code Execution Vulnerability2025-11-05

📋Vendor Advisories

1
Cisco
Multiple Cisco Contact Center Products Vulnerabilities2025-11-05
CVE-2025-20376 — Unrestricted File Upload in Cisco | cvebase