Platform
cisco
Component
cisco-unified-contact-center-express
Fixed in
10.6.1
10.5.1
10.6.1
12.0.1
10.0.1
10.6.1
11.0.1
11.5.1
10.5.1
11.6.1
11.6.1
12.5.1
12.5.1
12.5.1
12.5.1
12.5.1
12.5.1
12.5.1
12.5.1
12.5.1
12.5.1
12.5.1
12.5.1
11.6.1
11.6.1
12.5.1
12.0.1
12.5.1
12.5.1
11.6.1
12.5.1
12.0.1
12.0.1
11.6.1
12.0.1
11.6.1
11.6.1
11.6.1
11.6.1
10.6.1
11.0.1
10.6.1
10.5.1
10.0.1
11.5.1
11.6.1
11.5.1
9.0.1
10.6.1
10.6.1
11.6.1
10.6.1
11.5.1
11.5.1
8.5.1
11.0.1
12.5.1
12.5.1
12.5.1
12.5.1
CVE-2025-20277 describes a Path Traversal vulnerability affecting Cisco Unified Contact Center Express. This flaw allows an authenticated, local attacker to potentially execute arbitrary code on the affected device. The vulnerability impacts versions 10.0(1)SU1 through 12.5(1)SU3. Cisco has advised users to upgrade to a patched version to remediate this issue.
Successful exploitation of CVE-2025-20277 could grant an attacker complete control over the Cisco Unified CCX device. This includes the ability to modify system configurations, steal sensitive data (call recordings, user credentials), and potentially pivot to other systems on the network. The requirement for administrative credentials limits the initial attack vector, but once gained, the impact is significant. The attack requires a crafted web request followed by a specific command via SSH, suggesting a degree of technical sophistication is needed, but the potential for remote code execution makes this a serious concern.
CVE-2025-20277 was publicly disclosed on June 4, 2025. The CVSS score of 3.4 (LOW) indicates a relatively low probability of exploitation, but the potential impact warrants attention. There are currently no publicly available proof-of-concept exploits, but the path traversal nature of the vulnerability makes it likely that one will emerge. This vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.04% (12% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-20277 is to upgrade to a patched version of Cisco Unified Contact Center Express as soon as it becomes available. If an immediate upgrade is not possible, restrict access to the web-based management interface to only trusted administrators. Implement strong authentication measures, including multi-factor authentication, to prevent unauthorized access. Consider using a web application firewall (WAF) to filter potentially malicious requests targeting the vulnerable endpoint. Monitor system logs for suspicious activity, particularly SSH login attempts and unusual web requests.
Update Cisco Unified Contact Center Express to a version that is not affected by this vulnerability. See the Cisco security advisory for more details and the fixed versions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-20277 is a vulnerability in Cisco Unified Contact Center Express allowing authenticated local attackers to execute code via a path traversal flaw. It affects versions 10.0(1)SU1–12.5(1)SU3.
If you are using Cisco Unified Contact Center Express versions 10.0(1)SU1 through 12.5(1)SU3, you are potentially affected by this vulnerability. Check your current version and upgrade if necessary.
The recommended fix is to upgrade to a patched version of Cisco Unified Contact Center Express as soon as it becomes available. Until then, restrict access and monitor logs.
As of June 4, 2025, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests potential for future exploitation.
Please refer to the official Cisco Security Advisory for CVE-2025-20277 on the Cisco website (search for the CVE ID on Cisco.com).
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.