Cisco Unified Contact Center Express パス・トラバーサル脆弱性

Successful exploitation of CVE-2025-20277 could grant an attacker complete control over the Cisco Unified CCX device. This includes the ability to modify system configurations, steal sensitive data (call recordings, user credentials), and potentially pivot to other systems on the network. The requirement for administrative credentials limits the initial attack vector, but once gained, the impact is significant. The attack requires a crafted web request followed by a specific command via SSH, suggesting a degree of technical sophistication is needed, but the potential for remote code execution makes this a serious concern.

Organizations heavily reliant on Cisco Unified Contact Center Express for their contact center operations are at significant risk. This includes businesses with legacy deployments of older, unpatched versions (10.0(1)SU1–12.5(1)SU3) and those with limited resources for timely patching. Shared hosting environments where multiple tenants share a single CCX instance are also particularly vulnerable.

• linux / server:

journalctl -u ccx | grep -i "path traversal"

• cisco / server:

show running-config | grep -i "path traversal"

• generic web:

curl -I <CCX_IP>/<vulnerable_endpoint> | grep -i "path traversal"

1. 2025-06-04Disclosure

   disclosure

1. 予約済み2024-10-10
2. 公開日2025-06-04
3. 更新日2026-02-26
4. EPSS 更新日2026-03-23

The primary mitigation for CVE-2025-20277 is to upgrade to a patched version of Cisco Unified Contact Center Express as soon as it becomes available. If an immediate upgrade is not possible, restrict access to the web-based management interface to only trusted administrators. Implement strong authentication measures, including multi-factor authentication, to prevent unauthorized access. Consider using a web application firewall (WAF) to filter potentially malicious requests targeting the vulnerable endpoint. Monitor system logs for suspicious activity, particularly SSH login attempts and unusual web requests.