CVE-2025-20276

Name of the Vulnerable Software and Affected Versions Cisco Unified CCX (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The attacker must have valid administrative credentials to exploit this issue. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this by sending a crafted Java object to an affected device, potentially allowing the execution of arbitrary code on the underlying operating system as a low-privilege user. The attacker could also undertake further actions to elevate their privileges to root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.