CVE-2025-20274

16.07.2025, 17:15

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.

This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cisco	CNA	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 52%

Vendor	Product	Version
cisco	unified_intelligence_center	10.5\(1\)
cisco	unified_intelligence_center	11.0\(1\)
cisco	unified_intelligence_center	11.0\(2\)
cisco	unified_intelligence_center	11.0\(3\)
cisco	unified_intelligence_center	11.5\(1\)
cisco	unified_intelligence_center	11.6\(1\)
cisco	unified_intelligence_center	12.0\(1\)
cisco	unified_intelligence_center	12.5\(1\)
cisco	unified_intelligence_center	12.5\(1\)su
cisco	unified_intelligence_center	12.6\(1\)
cisco	unified_intelligence_center	12.6\(1\)_es05_et
cisco	unified_intelligence_center	12.6\(1\)_et
cisco	unified_intelligence_center	12.6\(2\)
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm