CVE-2025-20274
Published: 16 July 2025
Summary
CVE-2025-20274 is a medium-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Cisco Unified Contact Center Express. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.
Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.
Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.
Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unrestricted file upload in web management interface directly enables remote exploitation of public-facing app (T1190), arbitrary command execution via uploaded files (T1505.003 web shell), and root privilege escalation (T1068).
NVD Description
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the…
more
web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.
Deeper analysisAI
CVE-2025-20274 affects the web-based management interface of Cisco Unified Intelligence Center. The vulnerability stems from improper validation of files uploaded through this interface, enabling an authenticated remote attacker to upload arbitrary files to the device. Published on 2025-07-16, it has a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).
An attacker must possess valid credentials for a user account with at least the Report Designer role to exploit this issue. Upon successful exploitation, the attacker can store malicious files on the system and execute arbitrary commands on the operating system. Cisco raised the Security Impact Rating (SIR) to High due to the potential for privilege escalation to root.
The official Cisco Security Advisory provides details on mitigation and patches: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm.
Details
- CWE(s)