CVE-2025-20376

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a malicious file to the web UI and executing it. A successful exploit could allow the attacker to execute arbitrary commands on the underlying system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid administrative credentials.

Severity	MEDIUM
CVSS	6.5
CWE	CWE-434
KEV
Published	6 months ago
Modified	6 months ago

Related Products

Product	Advisory
Cisco Nexus Dashboard	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Application Centric Infrastructure Virtual Edge	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Unified Intelligence Center	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Unified Contact Center Express	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Unified Contact Center Enterprise	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Unified Contact Center	cisco-sa-cc-mult-vuln-gK4TFXSn
Cisco Packaged Contact Center Enterprise	cisco-sa-cc-mult-vuln-gK4TFXSn