CVE-2025-20277

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.4 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
ciscoCNA
3.4 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
ciscounified_contact_center_express
8.5\(1\)
ciscounified_contact_center_express
9.0\(2\)su3es04
ciscounified_contact_center_express
10.0\(1\)su1
ciscounified_contact_center_express
10.0\(1\)su1es04
ciscounified_contact_center_express
10.5\(1\)
ciscounified_contact_center_express
10.5\(1\)su1
ciscounified_contact_center_express
10.5\(1\)su1es10
ciscounified_contact_center_express
10.6\(1\)
ciscounified_contact_center_express
10.6\(1\)su1
ciscounified_contact_center_express
10.6\(1\)su2
ciscounified_contact_center_express
10.6\(1\)su2es04
ciscounified_contact_center_express
10.6\(1\)su3
ciscounified_contact_center_express
10.6\(1\)su3es01
ciscounified_contact_center_express
10.6\(1\)su3es02
ciscounified_contact_center_express
10.6\(1\)su3es03
ciscounified_contact_center_express
11.0\(1\)su1
ciscounified_contact_center_express
11.0\(1\)su1es02
ciscounified_contact_center_express
11.0\(1\)su1es03
ciscounified_contact_center_express
11.5\(1\)es01
ciscounified_contact_center_express
11.5\(1\)su1
ciscounified_contact_center_express
11.5\(1\)su1es01
ciscounified_contact_center_express
11.5\(1\)su1es02
ciscounified_contact_center_express
11.5\(1\)su1es03
ciscounified_contact_center_express
11.6\(1\)
ciscounified_contact_center_express
11.6\(1\)es01
ciscounified_contact_center_express
11.6\(1\)es02
ciscounified_contact_center_express
11.6\(2\)
ciscounified_contact_center_express
11.6\(2\)es01
ciscounified_contact_center_express
11.6\(2\)es02
ciscounified_contact_center_express
11.6\(2\)es03
ciscounified_contact_center_express
11.6\(2\)es04
ciscounified_contact_center_express
11.6\(2\)es05
ciscounified_contact_center_express
11.6\(2\)es06
ciscounified_contact_center_express
11.6\(2\)es07
ciscounified_contact_center_express
11.6\(2\)es08
ciscounified_contact_center_express
12.0\(1\)
ciscounified_contact_center_express
12.0\(1\)es01
ciscounified_contact_center_express
12.0\(1\)es02
ciscounified_contact_center_express
12.0\(1\)es03
ciscounified_contact_center_express
12.0\(1\)es04
ciscounified_contact_center_express
12.5\(1\)
ciscounified_contact_center_express
12.5\(1\)_su01_es01
ciscounified_contact_center_express
12.5\(1\)_su01_es02
ciscounified_contact_center_express
12.5\(1\)_su01_es03
ciscounified_contact_center_express
12.5\(1\)_su02_es01
ciscounified_contact_center_express
12.5\(1\)_su02_es02
ciscounified_contact_center_express
12.5\(1\)_su02_es03
ciscounified_contact_center_express
12.5\(1\)_su02_es04
ciscounified_contact_center_express
12.5\(1\)_su03_es01
ciscounified_contact_center_express
12.5\(1\)_su03_es02
ciscounified_contact_center_express
12.5\(1\)_su03_es03
ciscounified_contact_center_express
12.5\(1\)_su03_es04
ciscounified_contact_center_express
12.5\(1\)_su03_es05
ciscounified_contact_center_express
12.5\(1\)_su03_es06
ciscounified_contact_center_express
12.5\(1\)es01
ciscounified_contact_center_express
12.5\(1\)es02
ciscounified_contact_center_express
12.5\(1\)es03
ciscounified_contact_center_express
12.5\(1\)su1
ciscounified_contact_center_express
12.5\(1\)su2
ciscounified_contact_center_express
12.5\(1\)su3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL