CVE-2025-20276

Published: Jun 4, 2025Modified: Jul 22, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by sending a crafted Java object to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

Affected (60)

Products: Cisco: Unified Contact Center Express

Cisco

1 product

Unified Contact Center Express

Configuration A

60 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Contact Center Express	Version 10.0(1)su1
Cisco Unified Contact Center Express	Version 10.0(1)su1es04
Cisco Unified Contact Center Express	Version 10.5(1)
Cisco Unified Contact Center Express	Version 10.5(1)su1
Cisco Unified Contact Center Express	Version 10.5(1)su1es10
Cisco Unified Contact Center Express	Version 10.6(1)
Cisco Unified Contact Center Express	Version 10.6(1)su1
Cisco Unified Contact Center Express	Version 10.6(1)su2
Cisco Unified Contact Center Express	Version 10.6(1)su2es04
Cisco Unified Contact Center Express	Version 10.6(1)su3
Cisco Unified Contact Center Express	Version 10.6(1)su3es01
Cisco Unified Contact Center Express	Version 10.6(1)su3es02
Cisco Unified Contact Center Express	Version 10.6(1)su3es03
Cisco Unified Contact Center Express	Version 11.0(1)su1
Cisco Unified Contact Center Express	Version 11.0(1)su1es02
Cisco Unified Contact Center Express	Version 11.0(1)su1es03
Cisco Unified Contact Center Express	Version 11.5(1)es01
Cisco Unified Contact Center Express	Version 11.5(1)su1
Cisco Unified Contact Center Express	Version 11.5(1)su1es01
Cisco Unified Contact Center Express	Version 11.5(1)su1es02
Cisco Unified Contact Center Express	Version 11.5(1)su1es03
Cisco Unified Contact Center Express	Version 11.6(1)
Cisco Unified Contact Center Express	Version 11.6(1)es01
Cisco Unified Contact Center Express	Version 11.6(1)es02
Cisco Unified Contact Center Express	Version 11.6(2)
Cisco Unified Contact Center Express	Version 11.6(2)es01
Cisco Unified Contact Center Express	Version 11.6(2)es02
Cisco Unified Contact Center Express	Version 11.6(2)es03
Cisco Unified Contact Center Express	Version 11.6(2)es04
Cisco Unified Contact Center Express	Version 11.6(2)es05
Cisco Unified Contact Center Express	Version 11.6(2)es06
Cisco Unified Contact Center Express	Version 11.6(2)es07
Cisco Unified Contact Center Express	Version 11.6(2)es08
Cisco Unified Contact Center Express	Version 12.0(1)
Cisco Unified Contact Center Express	Version 12.0(1)es01
Cisco Unified Contact Center Express	Version 12.0(1)es02
Cisco Unified Contact Center Express	Version 12.0(1)es03
Cisco Unified Contact Center Express	Version 12.0(1)es04
Cisco Unified Contact Center Express	Version 12.5(1)
Cisco Unified Contact Center Express	Version 12.5(1)_su01_es01
Cisco Unified Contact Center Express	Version 12.5(1)_su01_es02
Cisco Unified Contact Center Express	Version 12.5(1)_su01_es03
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es01
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es02
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es03
Cisco Unified Contact Center Express	Version 12.5(1)_su02_es04
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es01
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es02
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es03
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es04
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es05
Cisco Unified Contact Center Express	Version 12.5(1)_su03_es06
Cisco Unified Contact Center Express	Version 12.5(1)es01
Cisco Unified Contact Center Express	Version 12.5(1)es02
Cisco Unified Contact Center Express	Version 12.5(1)es03
Cisco Unified Contact Center Express	Version 12.5(1)su1
Cisco Unified Contact Center Express	Version 12.5(1)su2
Cisco Unified Contact Center Express	Version 12.5(1)su3
Cisco Unified Contact Center Express	Version 8.5(1)
Cisco Unified Contact Center Express	Version 9.0(2)su3es04

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.