CVE-2025-20375 — Vulnetix

CVE-2025-20375 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a crafted file to the web UI. A successful exploit could allow the attacker to upload arbitrary files to a vulnerable system and execute them, gaining access to the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.

EPSS 0.06% · 17.9th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.06%

17.9th percentile

Affected Products

Vendor	Product	Versions
cisco	unified_contact_center_express	0, 15.0
Cisco	Cisco Unified Contact Center Express	10.5(1)SU1, 11.6(1), 10.6(1)SU1

Exploit Intelligence

cisco-sa-cc-mult-vuln-gK4TFXSn (circl)

Timeline

Oct 10, 2024 CVE ID Reserved
Nov 5, 2025 Coalition ESS Score
Nov 5, 2025 CVE Published
Nov 6, 2025 EPSS Score
Nov 6, 2025 Coalition ESS Score
Nov 7, 2025 Coalition ESS Score
Nov 11, 2025 EPSS Score
Nov 12, 2025 Coalition ESS Score
Nov 17, 2025 EPSS Score
Nov 17, 2025 Coalition ESS Score
Nov 22, 2025 EPSS Score
Nov 22, 2025 Coalition ESS Score

References

cisco-sa-cc-mult-vuln-gK4TFXSn url
https://nvd.nist.gov/vuln/detail/CVE-2025-20375 advisory

Open in Interactive Console →