TL;DR 📌

• A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef…
• No fixed release listed yet; apply mitigations and monitor.
• Workarounds are documented in the advisory.
• CVEs: CVE-2025-20275.

What happened 🕵️‍♂️

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.

TL;DR 📌

• Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack or execute arbitrary code on an affected device. To exploit these vulnerabilities, the attacker must have valid administrative credentials. For more information about these vulnerabilities, see the Details ["#details"] section of…
• No fixed release listed yet; apply mitigations and monitor.
• Workarounds are documented in the advisory.
• CVEs: CVE-2025-20276, CVE-2025-20277, CVE-2025-20279.

What happened 🕵️‍♂️

The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.

TL;DR 📌

• A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the…
• No fixed release listed yet; apply mitigations and monitor.
• Workarounds are documented in the advisory.
• CVEs: CVE-2025-20129.

What happened 🕵️‍♂️

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.

TL;DR 📌

• A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful…
• No fixed release listed yet; apply mitigations and monitor.
• Workarounds are documented in the advisory.
• CVEs: CVE-2025-20288.

What happened 🕵️‍♂️

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.

TL;DR 📌

Cisco Unified Intelligence Center (CUIC) contains an authenticated arbitrary file upload vulnerability (CVE-2025-20274). An attacker with valid Report Designer (or higher) credentials could upload files, potentially execute commands and escalate to root. Fixed software is available; there are no workarounds.

What happened 🕵️‍♂️

Improper validation of files uploaded via the CUIC web management interface allows an authenticated remote attacker to upload arbitrary files. A successful exploit can store malicious files and execute arbitrary OS commands; Cisco raised the Security Impact Rating because an attacker could elevate privileges to root. Exploitation requires valid credentials with at least the Report Designer role. Cisco PSIRT is not aware of any public announcements or active malicious use.