9.8

CVE-2025-20354

Medienbericht

EPSS 0.14%
Veröffentlicht 05.11.2025 16:31:14
Zuletzt bearbeitet 07.11.2025 15:44:35
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system.

This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Unified Contact Center Express Version < 12.5\(1\)_su03_es07

Cisco ≫ Unified Contact Center Express Version15.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.341

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.heise.de/news/Cisco-Teils-kritische-Sicherheitsluecken-in-mehreren-Produkten-11067359.html

Medienbericht

heise Security

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-20354

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20354

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20354

EUVD