A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources.
This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.
References
| Link | Resource |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Nov 2025, 19:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn - Vendor Advisory | |
| CPE | cpe:2.3:a:cisco:unified_contact_center_express:15.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:* |
|
| First Time |
Cisco unified Contact Center Express
Cisco |
05 Nov 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-11-05 17:15
Updated : 2025-11-17 19:40
NVD link : CVE-2025-20374
Mitre link : CVE-2025-20374
CVE.ORG link : CVE-2025-20374
JSON object : View
Products Affected
cisco
- unified_contact_center_express
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')