CNNVD-202511-399 Information

Nov 05, 2025 cve

CNNVD ID

CNNVD-202511-399

CVE-2025-20374

CNNVD Published: 2025-11-05

Description (Chinese)

Cisco Unified Contact Center Express（Unified CCX）是美国思科（Cisco）公司的一款统一通信解决方案中的客户关系管理组件。该组件支持自助语音服务、呼叫分配和客户访问控制等功能。 Cisco Unified Contact Center Express（Unified CCX）存在路径遍历漏洞，该漏洞源于特定UI功能输入验证不足，可能导致目录遍历攻击。

Description (English)

Cisco Unified Contact Center Express (Unified CCX) is the customer relationship management component of a unified communications solution with Cisco. The component supports functions such as self-service voice services, call allocation and customer access control. Cisco Unified Contact Center Express (Unified CCX) has a loophole in its path, which stems from the inadequate verification of specific UI functional input, which could lead to a directory going through.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

思科

Published

2025-11-05

Last Modified

2026-02-24

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn https://access.redhat.com/security/cve/cve-2025-20374

Patch

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn

Share on: