6
CVE-2025-20278 - Cisco Unified Communications Products Command Injection Vulnerability
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied comβ¦
4.8
CVE-2025-20279 - Cisco Unifed Contact Center Express Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to imprβ¦
3.4
CVE-2025-20277 - Cisco Unified Contact Center Express Path Traversal Vulnerability
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper lβ¦
3.8
CVE-2025-20276 - Cisco Unified Contact Center Express Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insβ¦
5.3
CVE-2025-20275 - Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability
A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the affected software. β¦
6.1
CVE-2025-20273 - Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulneraβ¦
8.8
CVE-2025-20261 - Cisco Integrated Management Controller Privilege Escalation Vulnerability
A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is duβ¦
8.7
CVE-2025-20163 - Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability
A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability bβ¦
4.3
CVE-2025-20129 - Cisco Customer Collaboration Platform Information Disclosure Vulnerability
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sβ¦
4.9
CVE-2025-20130 - Cisco Identity Services Engine Access Control Bypass Vulnerability
A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file cβ¦