{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20275", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.246Z", "datePublished": "2025-06-04T16:18:03.810Z", "dateUpdated": "2025-06-05T03:55:26.247Z"}, "containers": {"cna": {"title": "Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. \r\n\r\nThis vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8", "name": "cisco-sa-uccx-editor-rce-ezyYZte8"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-uccx-editor-rce-ezyYZte8", "discovery": "EXTERNAL", "defects": ["CSCwk24113"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Deserialization of Untrusted Data", "type": "cwe", "cweId": "CWE-502"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Unified Contact Center Express", "versions": [{"version": "10.6(1)", "status": "affected"}, {"version": "10.5(1)SU1", "status": "affected"}, {"version": "10.6(1)SU3", "status": "affected"}, {"version": "12.0(1)", "status": "affected"}, {"version": "10.0(1)SU1", "status": "affected"}, {"version": "10.6(1)SU1", "status": "affected"}, {"version": "11.0(1)SU1", "status": "affected"}, {"version": "11.5(1)SU1", "status": "affected"}, {"version": "10.5(1)", "status": "affected"}, {"version": "11.6(1)", "status": "affected"}, {"version": "11.6(2)", "status": "affected"}, {"version": "12.5(1)", "status": "affected"}, {"version": "12.5(1)SU1", "status": "affected"}, {"version": "12.5(1)SU2", "status": "affected"}, {"version": "12.5(1)SU3", "status": "affected"}, {"version": "12.5(1)_SU03_ES01", "status": "affected"}, {"version": "12.5(1)_SU03_ES02", "status": "affected"}, {"version": "12.5(1)_SU02_ES03", "status": "affected"}, {"version": "12.5(1)_SU02_ES04", "status": "affected"}, {"version": "12.5(1)_SU02_ES02", "status": "affected"}, {"version": "12.5(1)_SU01_ES02", "status": "affected"}, {"version": "12.5(1)_SU01_ES03", "status": "affected"}, {"version": "12.5(1)_SU02_ES01", "status": "affected"}, {"version": "11.6(2)ES07", "status": "affected"}, {"version": "11.6(2)ES08", "status": "affected"}, {"version": "12.5(1)_SU01_ES01", "status": "affected"}, {"version": "12.0(1)ES04", "status": "affected"}, {"version": "12.5(1)ES02", "status": "affected"}, {"version": "12.5(1)ES03", "status": "affected"}, {"version": "11.6(2)ES06", "status": "affected"}, {"version": "12.5(1)ES01", "status": "affected"}, {"version": "12.0(1)ES03", "status": "affected"}, {"version": "12.0(1)ES01", "status": "affected"}, {"version": "11.6(2)ES05", "status": "affected"}, {"version": "12.0(1)ES02", "status": "affected"}, {"version": "11.6(2)ES04", "status": "affected"}, {"version": "11.6(2)ES03", "status": "affected"}, {"version": "11.6(2)ES02", "status": "affected"}, {"version": "11.6(2)ES01", "status": "affected"}, {"version": "10.6(1)SU3ES03", "status": "affected"}, {"version": "11.0(1)SU1ES03", "status": "affected"}, {"version": "10.6(1)SU3ES01", "status": "affected"}, {"version": "10.5(1)SU1ES10", "status": "affected"}, {"version": "10.0(1)SU1ES04", "status": "affected"}, {"version": "11.5(1)SU1ES03", "status": "affected"}, {"version": "11.6(1)ES02", "status": "affected"}, {"version": "11.5(1)ES01", "status": "affected"}, {"version": "9.0(2)SU3ES04", "status": "affected"}, {"version": "10.6(1)SU2", "status": "affected"}, {"version": "10.6(1)SU2ES04", "status": "affected"}, {"version": "11.6(1)ES01", "status": "affected"}, {"version": "10.6(1)SU3ES02", "status": "affected"}, {"version": "11.5(1)SU1ES02", "status": "affected"}, {"version": "11.5(1)SU1ES01", "status": "affected"}, {"version": "8.5(1)", "status": "affected"}, {"version": "11.0(1)SU1ES02", "status": "affected"}, {"version": "12.5(1)_SU03_ES03", "status": "affected"}, {"version": "12.5(1)_SU03_ES04", "status": "affected"}, {"version": "12.5(1)_SU03_ES05", "status": "affected"}, {"version": "12.5(1)_SU03_ES06", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-04T16:18:03.810Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-04T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-20275"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-05T03:55:26.247Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20275", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-04T18:12:58.820457Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-04T18:13:00.884Z"}}], "cna": {"title": "Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability", "source": {"defects": ["CSCwk24113"], "advisory": "cisco-sa-uccx-editor-rce-ezyYZte8", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Unified Contact Center Express", "versions": [{"status": "affected", "version": "10.6(1)"}, {"status": "affected", "version": "10.5(1)SU1"}, {"status": "affected", "version": "10.6(1)SU3"}, {"status": "affected", "version": "12.0(1)"}, {"status": "affected", "version": "10.0(1)SU1"}, {"status": "affected", "version": "10.6(1)SU1"}, {"status": "affected", "version": "11.0(1)SU1"}, {"status": "affected", "version": "11.5(1)SU1"}, {"status": "affected", "version": "10.5(1)"}, {"status": "affected", "version": "11.6(1)"}, {"status": "affected", "version": "11.6(2)"}, {"status": "affected", "version": "12.5(1)"}, {"status": "affected", "version": "12.5(1)SU1"}, {"status": "affected", "version": "12.5(1)SU2"}, {"status": "affected", "version": "12.5(1)SU3"}, {"status": "affected", "version": "12.5(1)_SU03_ES01"}, {"status": "affected", "version": "12.5(1)_SU03_ES02"}, {"status": "affected", "version": "12.5(1)_SU02_ES03"}, {"status": "affected", "version": "12.5(1)_SU02_ES04"}, {"status": "affected", "version": "12.5(1)_SU02_ES02"}, {"status": "affected", "version": "12.5(1)_SU01_ES02"}, {"status": "affected", "version": "12.5(1)_SU01_ES03"}, {"status": "affected", "version": "12.5(1)_SU02_ES01"}, {"status": "affected", "version": "11.6(2)ES07"}, {"status": "affected", "version": "11.6(2)ES08"}, {"status": "affected", "version": "12.5(1)_SU01_ES01"}, {"status": "affected", "version": "12.0(1)ES04"}, {"status": "affected", "version": "12.5(1)ES02"}, {"status": "affected", "version": "12.5(1)ES03"}, {"status": "affected", "version": "11.6(2)ES06"}, {"status": "affected", "version": "12.5(1)ES01"}, {"status": "affected", "version": "12.0(1)ES03"}, {"status": "affected", "version": "12.0(1)ES01"}, {"status": "affected", "version": "11.6(2)ES05"}, {"status": "affected", "version": "12.0(1)ES02"}, {"status": "affected", "version": "11.6(2)ES04"}, {"status": "affected", "version": "11.6(2)ES03"}, {"status": "affected", "version": "11.6(2)ES02"}, {"status": "affected", "version": "11.6(2)ES01"}, {"status": "affected", "version": "10.6(1)SU3ES03"}, {"status": "affected", "version": "11.0(1)SU1ES03"}, {"status": "affected", "version": "10.6(1)SU3ES01"}, {"status": "affected", "version": "10.5(1)SU1ES10"}, {"status": "affected", "version": "10.0(1)SU1ES04"}, {"status": "affected", "version": "11.5(1)SU1ES03"}, {"status": "affected", "version": "11.6(1)ES02"}, {"status": "affected", "version": "11.5(1)ES01"}, {"status": "affected", "version": "9.0(2)SU3ES04"}, {"status": "affected", "version": "10.6(1)SU2"}, {"status": "affected", "version": "10.6(1)SU2ES04"}, {"status": "affected", "version": "11.6(1)ES01"}, {"status": "affected", "version": "10.6(1)SU3ES02"}, {"status": "affected", "version": "11.5(1)SU1ES02"}, {"status": "affected", "version": "11.5(1)SU1ES01"}, {"status": "affected", "version": "8.5(1)"}, {"status": "affected", "version": "11.0(1)SU1ES02"}, {"status": "affected", "version": "12.5(1)_SU03_ES03"}, {"status": "affected", "version": "12.5(1)_SU03_ES04"}, {"status": "affected", "version": "12.5(1)_SU03_ES05"}, {"status": "affected", "version": "12.5(1)_SU03_ES06"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8", "name": "cisco-sa-uccx-editor-rce-ezyYZte8"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. \r\n\r\nThis vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-502", "description": "Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-04T16:18:03.810Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20275", "state": "PUBLISHED", "dateUpdated": "2025-06-05T03:55:26.247Z", "dateReserved": "2024-10-10T19:15:13.246Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-06-04T16:18:03.810Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*", "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*", "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*", "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*", "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*", "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*", "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*", "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*", "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*", "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*", "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*", "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*", "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*", "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*", "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*", "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*", "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*", "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*", "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*", "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*", "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*", "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*", "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*", "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*", "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*", "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*", "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*", "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*", "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*", "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*", "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*", "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*", "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*", "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*", "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*", "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*", "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*", "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*", "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*", "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. \r\n\r\nThis vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de apertura de archivos del editor de Cisco Unified Contact Center Express (Unified CCX) podr\u00eda permitir que un atacante no autenticado ejecute c\u00f3digo arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe a la deserializaci\u00f3n insegura de objetos Java por parte del software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad persuadiendo a un usuario local autenticado para que abra un archivo .aef manipulado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el host que ejecuta la aplicaci\u00f3n del editor con los privilegios del usuario que la inici\u00f3."}], "id": "CVE-2025-20275", "lastModified": "2025-07-22T13:36:08.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "psirt@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-04T17:15:27.350", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}