LOWCVE-2025-20277CVSS 3.4

CVE-2025-20277: Path Traversal in Cisco Unified CCX

Platform

cisco

Component

cisco-unified-contact-center-express

Fixed in

10.6.1

10.5.1

10.6.1

12.0.1

10.0.1

10.6.1

11.0.1

11.5.1

10.5.1

11.6.1

12.5.1

11.6.1

12.5.1

12.0.1

12.5.1

11.6.1

12.5.1

12.0.1

11.6.1

12.0.1

11.6.1

10.6.1

11.0.1

10.6.1

10.5.1

10.0.1

11.5.1

11.6.1

11.5.1

9.0.1

10.6.1

11.6.1

10.6.1

11.5.1

8.5.1

11.0.1

12.5.1

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026

View on NVD

Save

CVE-2025-20277 describes a Path Traversal vulnerability affecting Cisco Unified Contact Center Express. This flaw allows an authenticated, local attacker to potentially execute arbitrary code on the affected device. The vulnerability impacts versions 10.0(1)SU1 through 12.5(1)SU3. Cisco has advised users to upgrade to a patched version to remediate this issue.

Impact and Attack Scenarios

Successful exploitation of CVE-2025-20277 could grant an attacker complete control over the Cisco Unified CCX device. This includes the ability to modify system configurations, steal sensitive data (call recordings, user credentials), and potentially pivot to other systems on the network. The requirement for administrative credentials limits the initial attack vector, but once gained, the impact is significant. The attack requires a crafted web request followed by a specific command via SSH, suggesting a degree of technical sophistication is needed, but the potential for remote code execution makes this a serious concern.

Exploitation Context

CVE-2025-20277 was publicly disclosed on June 4, 2025. The CVSS score of 3.4 (LOW) indicates a relatively low probability of exploitation, but the potential impact warrants attention. There are currently no publicly available proof-of-concept exploits, but the path traversal nature of the vulnerability makes it likely that one will emerge. This vulnerability is not currently listed on the CISA KEV catalog.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureLow

EPSS

0.04% (12% percentile)

CISA SSVC

Exploitationnone

Automatableno

Technical Impacttotal

CVSS Vector

What do these metrics mean?

Attack Vector: Local — attacker needs a local shell or interactive session on the system.
Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required: High — admin or privileged account required to exploit.
User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: Low — partial or indirect data access. Attacker gains limited information.
Integrity: Low — attacker can modify some data with limited scope or impact.
Availability: None — no availability impact. Service remains fully operational.

Affected Software

Componentcisco-unified-contact-center-express

VendorCisco

Affected rangeFixed in

10.6(1) – 10.6(1)10.6.1

10.5(1)SU1 – 10.5(1)SU110.5.1

10.6(1)SU3 – 10.6(1)SU310.6.1

12.0(1) – 12.0(1)12.0.1

10.0(1)SU1 – 10.0(1)SU110.0.1

10.6(1)SU1 – 10.6(1)SU110.6.1

11.0(1)SU1 – 11.0(1)SU111.0.1

11.5(1)SU1 – 11.5(1)SU111.5.1

10.5(1) – 10.5(1)10.5.1

11.6(1) – 11.6(1)11.6.1

11.6(2) – 11.6(2)11.6.1

12.5(1) – 12.5(1)12.5.1

12.5(1)SU1 – 12.5(1)SU112.5.1

12.5(1)SU2 – 12.5(1)SU212.5.1

12.5(1)SU3 – 12.5(1)SU312.5.1

12.5(1)_SU03_ES01 – 12.5(1)_SU03_ES0112.5.1

12.5(1)_SU03_ES02 – 12.5(1)_SU03_ES0212.5.1

12.5(1)_SU02_ES03 – 12.5(1)_SU02_ES0312.5.1

12.5(1)_SU02_ES04 – 12.5(1)_SU02_ES0412.5.1

12.5(1)_SU02_ES02 – 12.5(1)_SU02_ES0212.5.1

12.5(1)_SU01_ES02 – 12.5(1)_SU01_ES0212.5.1

12.5(1)_SU01_ES03 – 12.5(1)_SU01_ES0312.5.1

12.5(1)_SU02_ES01 – 12.5(1)_SU02_ES0112.5.1

11.6(2)ES07 – 11.6(2)ES0711.6.1

11.6(2)ES08 – 11.6(2)ES0811.6.1

12.5(1)_SU01_ES01 – 12.5(1)_SU01_ES0112.5.1

12.0(1)ES04 – 12.0(1)ES0412.0.1

12.5(1)ES02 – 12.5(1)ES0212.5.1

12.5(1)ES03 – 12.5(1)ES0312.5.1

11.6(2)ES06 – 11.6(2)ES0611.6.1

12.5(1)ES01 – 12.5(1)ES0112.5.1

12.0(1)ES03 – 12.0(1)ES0312.0.1

12.0(1)ES01 – 12.0(1)ES0112.0.1

11.6(2)ES05 – 11.6(2)ES0511.6.1

12.0(1)ES02 – 12.0(1)ES0212.0.1

11.6(2)ES04 – 11.6(2)ES0411.6.1

11.6(2)ES03 – 11.6(2)ES0311.6.1

11.6(2)ES02 – 11.6(2)ES0211.6.1

11.6(2)ES01 – 11.6(2)ES0111.6.1

10.6(1)SU3ES03 – 10.6(1)SU3ES0310.6.1

11.0(1)SU1ES03 – 11.0(1)SU1ES0311.0.1

10.6(1)SU3ES01 – 10.6(1)SU3ES0110.6.1

10.5(1)SU1ES10 – 10.5(1)SU1ES1010.5.1

10.0(1)SU1ES04 – 10.0(1)SU1ES0410.0.1

11.5(1)SU1ES03 – 11.5(1)SU1ES0311.5.1

11.6(1)ES02 – 11.6(1)ES0211.6.1

11.5(1)ES01 – 11.5(1)ES0111.5.1

9.0(2)SU3ES04 – 9.0(2)SU3ES049.0.1

10.6(1)SU2 – 10.6(1)SU210.6.1

10.6(1)SU2ES04 – 10.6(1)SU2ES0410.6.1

11.6(1)ES01 – 11.6(1)ES0111.6.1

10.6(1)SU3ES02 – 10.6(1)SU3ES0210.6.1

11.5(1)SU1ES02 – 11.5(1)SU1ES0211.5.1

11.5(1)SU1ES01 – 11.5(1)SU1ES0111.5.1

8.5(1) – 8.5(1)8.5.1

11.0(1)SU1ES02 – 11.0(1)SU1ES0211.0.1

12.5(1)_SU03_ES03 – 12.5(1)_SU03_ES0312.5.1

12.5(1)_SU03_ES04 – 12.5(1)_SU03_ES0412.5.1

12.5(1)_SU03_ES05 – 12.5(1)_SU03_ES0512.5.1

12.5(1)_SU03_ES06 – 12.5(1)_SU03_ES0612.5.1

Weakness Classification (CWE)

CWE-22

Timeline

Reserved2024-10-10
Published2025-06-04
Modified2026-02-26
EPSS updated2026-03-23

Unpatched — 354 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2025-20277 is to upgrade to a patched version of Cisco Unified Contact Center Express as soon as it becomes available. If an immediate upgrade is not possible, restrict access to the web-based management interface to only trusted administrators. Implement strong authentication measures, including multi-factor authentication, to prevent unauthorized access. Consider using a web application firewall (WAF) to filter potentially malicious requests targeting the vulnerable endpoint. Monitor system logs for suspicious activity, particularly SSH login attempts and unusual web requests.

How to fix

Update Cisco Unified Contact Center Express to a version that is not affected by this vulnerability. See the Cisco security advisory for more details and the fixed versions.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2025-20277 — Path Traversal in Cisco Unified CCX?

CVE-2025-20277 is a vulnerability in Cisco Unified Contact Center Express allowing authenticated local attackers to execute code via a path traversal flaw. It affects versions 10.0(1)SU1–12.5(1)SU3.

Am I affected by CVE-2025-20277 in Cisco Unified CCX?

If you are using Cisco Unified Contact Center Express versions 10.0(1)SU1 through 12.5(1)SU3, you are potentially affected by this vulnerability. Check your current version and upgrade if necessary.

How do I fix CVE-2025-20277 in Cisco Unified CCX?

The recommended fix is to upgrade to a patched version of Cisco Unified Contact Center Express as soon as it becomes available. Until then, restrict access and monitor logs.

Is CVE-2025-20277 being actively exploited?

As of June 4, 2025, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests potential for future exploitation.

Where can I find the official Cisco advisory for CVE-2025-20277?

Please refer to the official Cisco Security Advisory for CVE-2025-20277 on the Cisco website (search for the CVE ID on Cisco.com).

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free Search CVEs