{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T10:51:56.221","vulnerabilities":[{"cve":{"id":"CVE-2025-20374","sourceIdentifier":"psirt@cisco.com","published":"2025-11-05T17:15:38.457","lastModified":"2025-11-17T19:40:48.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources.\r\n\r\nThis vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*","versionEndExcluding":"12.5\\(1\\)_su03_es07","matchCriteriaId":"6EF18C21-6E70-4748-99FA-884754F44D1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_contact_center_express:15.0:*:*:*:*:*:*:*","matchCriteriaId":"124C88AE-ED0C-4CBC-A84D-200EDB776C8C"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}}]}