CVE-2025-20274

HIGH EPSS 29.9%
Published Jul 16, 202511mo ago · Modified Jun 17, 20261w ago
8.8 CVSS 3.1
High
Find Similar
Published Jul 16, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.

CVSS Details

Base Score
8.8
Exploitability
2.8
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
29.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt

Affected Products 69

VendorProductVersionRange
ciscounified_intelligence_center10.5\(1\)any
ciscounified_intelligence_center11.0\(1\)any
ciscounified_intelligence_center11.0\(2\)any
ciscounified_intelligence_center11.0\(3\)any
ciscounified_intelligence_center11.5\(1\)any
ciscounified_intelligence_center11.6\(1\)any
ciscounified_intelligence_center12.0\(1\)any
ciscounified_intelligence_center12.5\(1\)any
ciscounified_intelligence_center12.5\(1\)suany
ciscounified_intelligence_center12.6\(1\)any
ciscounified_intelligence_center12.6\(1\)_es05_etany
ciscounified_intelligence_center12.6\(1\)_etany
ciscounified_intelligence_center12.6\(2\)any
ciscounified_contact_center_express10.5\(1\)any
ciscounified_contact_center_express10.5\(1\)su1any
ciscounified_contact_center_express10.5\(1\)su1es10any
ciscounified_contact_center_express10.6\(1\)any
ciscounified_contact_center_express10.6\(1\)su1any
ciscounified_contact_center_express10.6\(1\)su2any
ciscounified_contact_center_express10.6\(1\)su2es04any
ciscounified_contact_center_express10.6\(1\)su3any
ciscounified_contact_center_express10.6\(1\)su3es01any
ciscounified_contact_center_express10.6\(1\)su3es02any
ciscounified_contact_center_express10.6\(1\)su3es03any
ciscounified_contact_center_express11.0\(1\)su1any
ciscounified_contact_center_express11.0\(1\)su1es02any
ciscounified_contact_center_express11.0\(1\)su1es03any
ciscounified_contact_center_express11.5\(1\)es01any
ciscounified_contact_center_express11.5\(1\)su1any
ciscounified_contact_center_express11.5\(1\)su1es01any
ciscounified_contact_center_express11.5\(1\)su1es02any
ciscounified_contact_center_express11.5\(1\)su1es03any
ciscounified_contact_center_express11.6\(1\)any
ciscounified_contact_center_express11.6\(1\)es01any
ciscounified_contact_center_express11.6\(1\)es02any
ciscounified_contact_center_express11.6\(2\)any
ciscounified_contact_center_express11.6\(2\)es01any
ciscounified_contact_center_express11.6\(2\)es02any
ciscounified_contact_center_express11.6\(2\)es03any
ciscounified_contact_center_express11.6\(2\)es04any
ciscounified_contact_center_express11.6\(2\)es05any
ciscounified_contact_center_express11.6\(2\)es06any
ciscounified_contact_center_express11.6\(2\)es07any
ciscounified_contact_center_express11.6\(2\)es08any
ciscounified_contact_center_express12.0\(1\)any
ciscounified_contact_center_express12.0\(1\)es01any
ciscounified_contact_center_express12.0\(1\)es02any
ciscounified_contact_center_express12.0\(1\)es03any
ciscounified_contact_center_express12.0\(1\)es04any
ciscounified_contact_center_express12.5\(1\)any
ciscounified_contact_center_express12.5\(1\)_su01_es01any
ciscounified_contact_center_express12.5\(1\)_su01_es02any
ciscounified_contact_center_express12.5\(1\)_su01_es03any
ciscounified_contact_center_express12.5\(1\)_su02_es01any
ciscounified_contact_center_express12.5\(1\)_su02_es02any
ciscounified_contact_center_express12.5\(1\)_su02_es03any
ciscounified_contact_center_express12.5\(1\)_su02_es04any
ciscounified_contact_center_express12.5\(1\)_su03_es01any
ciscounified_contact_center_express12.5\(1\)_su03_es02any
ciscounified_contact_center_express12.5\(1\)_su03_es03any
ciscounified_contact_center_express12.5\(1\)_su03_es04any
ciscounified_contact_center_express12.5\(1\)_su03_es05any
ciscounified_contact_center_express12.5\(1\)_su03_es06any
ciscounified_contact_center_express12.5\(1\)es01any
ciscounified_contact_center_express12.5\(1\)es02any
ciscounified_contact_center_express12.5\(1\)es03any
ciscounified_contact_center_express12.5\(1\)su1any
ciscounified_contact_center_express12.5\(1\)su2any
ciscounified_contact_center_express12.5\(1\)su3any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.