Unrated severityNVD Advisory· Published Nov 5, 2025· Updated Nov 5, 2025

Cisco Unified Contact Center Express Arbitrary File Download Vulnerability

CVE-2025-20374

Description

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources.

This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.

Affected products

Cisco Systems, Inc./Unified Ccxllm-fuzzy
Cisco/Cisco Unified Contact Center Expressv5
Range: 10.5(1)SU1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSnmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000