CVE-2025-20275

Published: Jun 4, 2025Modified: Jul 22, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.

Affected (60)

Products: Cisco: Unified Contact Center Express

Cisco

1 product

Unified Contact Center Express

Configuration A

60 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Contact Center Express	Version 10.0(1)su1
Cisco Unified Contact Center Express	Version 10.0(1)su1es04
Cisco Unified Contact Center Express	Version 10.5(1)
Cisco Unified Contact Center Express	Version 10.5(1)su1
Cisco Unified Contact Center Express	Version 10.5(1)su1es10
Cisco Unified Contact Center Express	Version 10.6(1)
Cisco Unified Contact Center Express	Version 10.6(1)su1
Cisco Unified Contact Center Express	Version 10.6(1)su2
Cisco Unified Contact Center Express	Version 10.6(1)su2es04
Cisco Unified Contact Center Express	Version 10.6(1)su3
Cisco Unified Contact Center Express	Version 10.6(1)su3es01
Cisco Unified Contact Center Express	Version 10.6(1)su3es02
Cisco Unified Contact Center Express	Version 10.6(1)su3es03
Cisco Unified Contact Center Express	Version 11.0(1)su1
Cisco Unified Contact Center Express	Version 11.0(1)su1es02
Cisco Unified Contact Center Express	Version 11.0(1)su1es03
Cisco Unified Contact Center Express	Version 11.5(1)es01
Cisco Unified Contact Center Express	Version 11.5(1)su1
Cisco Unified Contact Center Express	Version 11.5(1)su1es01
Cisco Unified Contact Center Express	Version 11.5(1)su1es02
Cisco Unified Contact Center Express	Version 11.5(1)su1es03
Cisco Unified Contact Center Express	Version 11.6(1)
Cisco Unified Contact Center Express	Version 11.6(1)es01
Cisco Unified Contact Center Express	Version 11.6(1)es02
Cisco Unified Contact Center Express	Version 11.6(2)
Cisco Unified Contact Center Express	Version 11.6(2)es01
Cisco Unified Contact Center Express	Version 11.6(2)es02
Cisco Unified Contact Center Express	Version 11.6(2)es03
Cisco Unified Contact Center Express	Version 11.6(2)es04
Cisco Unified Contact Center Express	Version 11.6(2)es05
Cisco Unified Contact Center Express	Version 11.6(2)es06
Cisco Unified Contact Center Express	Version 11.6(2)es07
Cisco Unified Contact Center Express	Version 11.6(2)es08
Cisco Unified Contact Center Express	Version 12.0(1)
Cisco Unified Contact Center Express	Version 12.0(1)es01
Cisco Unified Contact Center Express	Version 12.0(1)es02
Cisco Unified Contact Center Express	Version 12.0(1)es03
Cisco Unified Contact Center Express	Version 12.0(1)es04
Cisco Unified Contact Center Express	Version 12.5(1)
Cisco Unified Contact Center Express	Version 12.5(1)_su01_es01
Cisco Unified Contact Center Express	Version 12.5(1)_su01_es02
Cisco Unified Contact Center Express	Version 12.5(1)_su01_es03
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es01
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es02
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es03
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es04
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es01
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es02
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es03
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es04
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es05
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es06
Cisco Unified Contact Center Express	Version 12.5(1)es01
Cisco Unified Contact Center Express	Version 12.5(1)es02
Cisco Unified Contact Center Express	Version 12.5(1)es03
Cisco Unified Contact Center Express	Version 12.5(1)su1
Cisco Unified Contact Center Express	Version 12.5(1)su2
Cisco Unified Contact Center Express	Version 12.5(1)su3
Cisco Unified Contact Center Express	Version 8.5(1)
Cisco Unified Contact Center Express	Version 9.0(2)su3es04

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.