CVE-2025-20275: Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability

5.3 CVSS

Description

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.

This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.

Classification

CVE ID: CVE-2025-20275

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Problem Types

Deserialization of Untrusted Data

Affected Products

Vendor: Cisco

Product: Cisco Unified Contact Center Express

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 19.66% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-20275
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8

Timeline

2025-06-04 16:00:44 UTC
Cisco Security Advisory

Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability
2025-06-04 17:40:15 UTC
CVE

Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability