Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20276

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by sending a crafted Java object to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

Published

2025-06-04T17:15:27.547

Last Modified

2025-07-22T13:40:15.643

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.8 (LOW)

Weaknesses

Type: Secondary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	unified_contact_center_express	8.5\(1\)	Yes
Application	cisco	unified_contact_center_express	9.0\(2\)su3es04	Yes
Application	cisco	unified_contact_center_express	10.0\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.0\(1\)su1es04	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.5\(1\)su1es10	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su1	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su2es04	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es01	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es02	Yes
Application	cisco	unified_contact_center_express	10.6\(1\)su3es03	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.0\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es01	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es02	Yes
Application	cisco	unified_contact_center_express	11.5\(1\)su1es03	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(1\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es01	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es02	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es03	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es04	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es05	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es06	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es07	Yes
Application	cisco	unified_contact_center_express	11.6\(2\)es08	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.0\(1\)es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su01_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su02_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es04	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es05	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)_su03_es06	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es01	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es02	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)es03	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su1	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su2	Yes
Application	cisco	unified_contact_center_express	12.5\(1\)su3	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL Vendor Advisory ([email protected])