CVE-2025-20277

Name of the Vulnerable Software and Affected Versions Cisco Unified CCX (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, local attacker to execute arbitrary code on an affected device. The issue is due to improper limitation of a pathname to a restricted directory (path traversal). To exploit this, an attacker must have valid administrative credentials and could send a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as a low-privilege user and potentially undertake further actions to elevate their privileges to root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.