A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.
Conclusion & alert: CVE-2025-20279 is rated Low Risk (23.3/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.21%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.14% | 0.21% | +0.07% |
| 2 | 2026-03-31 | 0.03% | 0.14% | +0.11% |
| 3 | 2025-11-21 | — | 0.03% | — |
Full EPSS history (7 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.8 | 3.1 | MEDIUM |
|
1.7 | 2.7 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| cisco | unified_contact_center_express | 8.5\(1\) | cpe:2.3:a:cisco:unified_contact_center_express:8.5\(1\):*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 9.0\(2\)su3es04 | cpe:2.3:a:cisco:unified_contact_center_express:9.0\(2\)su3es04:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.0\(1\)su1 | cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.0\(1\)su1es04 | cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1es04:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.5\(1\) | cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.5\(1\)su1 | cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.5\(1\)su1es10 | cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1es10:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.6\(1\) | cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.6\(1\)su1 | cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su1:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.6\(1\)su2 | cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.6\(1\)su2es04 | cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2es04:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.6\(1\)su3 | cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.6\(1\)su3es01 | cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.6\(1\)su3es02 | cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 10.6\(1\)su3es03 | cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es03:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.0\(1\)su1 | cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.0\(1\)su1es02 | cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.0\(1\)su1es03 | cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es03:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.5\(1\)es01 | cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.5\(1\)su1 | cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.5\(1\)su1es01 | cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.5\(1\)su1es02 | cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.5\(1\)su1es03 | cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es03:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(1\) | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\):*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(1\)es01 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(1\)es02 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(2\) | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\):*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(2\)es01 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(2\)es02 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(2\)es03 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es03:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(2\)es04 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es04:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(2\)es05 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es05:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(2\)es06 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es06:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(2\)es07 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es07:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 11.6\(2\)es08 | cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es08:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.0\(1\) | cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\):*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.0\(1\)es01 | cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.0\(1\)es02 | cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.0\(1\)es03 | cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es03:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.0\(1\)es04 | cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es04:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\) | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su01_es01 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su01_es02 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su01_es03 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es03:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su02_es01 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su02_es02 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su02_es03 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es03:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su02_es04 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es04:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es01 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es02 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es03 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es03:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es04 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es04:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es05 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es05:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)_su03_es06 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es06:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)es01 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es01:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)es02 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es02:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)es03 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es03:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)su1 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su1:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)su2 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su2:*:*:*:*:*:*:* |
| cisco | unified_contact_center_express | 12.5\(1\)su3 | cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su3:*:*:*:*:*:*:* |