← volver
CVE-2025-20374

Cisco Unified Contact Center Express Arbitrary File Download Vulnerability

CVSS 4.9 MEDIUMEPSS 0.9%CWE-22
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.9EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 nov 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N