Posts for: #Cisco Unified Intelligence Center

Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability

2025-08-09

🚨 SEVERITY: MEDIUM — CVSS 5.8 Security Advisory

TL;DR 📌

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful…
No fixed release listed yet; apply mitigations and monitor.
Workarounds are documented in the advisory.
CVEs: CVE-2025-20288.

What happened 🕵️‍♂️

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.

[]

Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability

2025-08-09

#Cisco #Cisco Unified Contact Center Express #Cisco Unified Intelligence Center

🚨 SEVERITY: MEDIUM — CVSS 6.3 Security Advisory

TL;DR 📌

Cisco Unified Intelligence Center (CUIC) contains an authenticated arbitrary file upload vulnerability (CVE-2025-20274). An attacker with valid Report Designer (or higher) credentials could upload files, potentially execute commands and escalate to root. Fixed software is available; there are no workarounds.

What happened 🕵️‍♂️

Improper validation of files uploaded via the CUIC web management interface allows an authenticated remote attacker to upload arbitrary files. A successful exploit can store malicious files and execute arbitrary OS commands; Cisco raised the Security Impact Rating because an attacker could elevate privileges to root. Exploitation requires valid credentials with at least the Report Designer role. Cisco PSIRT is not aware of any public announcements or active malicious use.

[]