Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20274

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.

Published

2025-07-16T17:15:29.073

Last Modified

2025-07-22T14:37:11.210

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	unified_intelligence_center	10.5\(1\)	Yes
Application	cisco	unified_intelligence_center	11.0\(1\)	Yes
Application	cisco	unified_intelligence_center	11.0\(2\)	Yes
Application	cisco	unified_intelligence_center	11.0\(3\)	Yes
Application	cisco	unified_intelligence_center	11.5\(1\)	Yes
Application	cisco	unified_intelligence_center	11.6\(1\)	Yes
Application	cisco	unified_intelligence_center	12.0\(1\)	Yes
Application	cisco	unified_intelligence_center	12.5\(1\)	Yes
Application	cisco	unified_intelligence_center	12.5\(1\)su	Yes
Application	cisco	unified_intelligence_center	12.6\(1\)	Yes
Application	cisco	unified_intelligence_center	12.6\(1\)_es05_et	Yes
Application	cisco	unified_intelligence_center	12.6\(1\)_et	Yes
Application	cisco	unified_intelligence_center	12.6\(2\)	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1es10	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2es04	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es01	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es02	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es03	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es03	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es04	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es05	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es06	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es07	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es08	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es05	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es06	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su2	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su3	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm Vendor Advisory ([email protected])