Cisco Unified Intelligence Center Vulnerability Allows Remote Arbitrary File Upload

Cisco has released a critical security advisory addressing a significant arbitrary file upload vulnerability in its Unified Intelligence Center that could allow authenticated attackers to execute arbitrary commands and escalate privileges to root level.

The vulnerability, tracked as CVE-2025-20274 with a CVSS base score of 6.3, affects multiple Cisco contact center solutions and requires immediate attention from system administrators.

Critical Vulnerability Details

The vulnerability stems from improper validation of files uploaded through the web-based management interface of Cisco Unified Intelligence Center.

Classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), this security flaw enables authenticated remote attackers to upload arbitrary files to affected devices.

The Cisco Product Security Incident Response Team (PSIRT) has assigned this vulnerability the advisory identifier cisco-sa-cuis-file-upload-UhNEtStm and elevated its Security Impact Rating (SIR) to High due to the potential for privilege escalation.

To exploit this vulnerability, attackers must possess valid credentials for a user account with at least Report Designer role privileges.

Upon successful exploitation, malicious actors can store dangerous files on the system and execute arbitrary commands on the underlying operating system.

The vulnerability is tracked internally by Cisco under bug identifiers CSCwn18794 and CSCwn26636, indicating multiple code paths affected by the same underlying issue.

Affected Systems and Impact

The vulnerability affects Cisco Unified Intelligence Center across all device configurations, regardless of specific deployment settings.

This includes systems integrated within Packaged Contact Center Enterprise (Packaged CCE) and Unified Contact Center Enterprise (Unified CCE) solutions.

Additionally, Cisco Unified Contact Center Express (Unified CCX) environments are vulnerable because they bundle Cisco Unified Intelligence Center as part of their software package.

Specifically vulnerable releases include Cisco Unified Intelligence Center versions 12.5 and 12.6, while version 15 has been confirmed as not vulnerable.

For Unified CCX deployments, releases 12.5(1)SU3 and earlier require immediate migration to fixed versions.

Importantly, Cisco has confirmed that Cisco Finesse products are not affected by this vulnerability.

Patch Availability and Recommendations

Cisco has released free software updates that address this vulnerability. No workarounds are available.

For Unified Intelligence Center version 12.5, the first fixed release is 12.5(1) SU ES05, while version 12.6 requires an upgrade to 12.6(2) ES05.

Unified CCX customers running vulnerable versions must migrate to supported fixed releases.

The vulnerability was responsibly disclosed by security researchers Khaled Emad and Abdelrahman Osama from CyShield. Cisco PSIRT has detected no public announcements or malicious exploitation.

Customers should prioritize immediate patching, ensure sufficient system memory for upgrades, and contact Cisco Technical Assistance Center (TAC) for support if needed.

Those without service contracts can obtain fixes by providing the advisory URL as evidence of entitlement to free security updates.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
