Cisco Unified Intelligence Center Flaw Lets Remote Attackers Upload Arbitrary Files
gbhackersA critical security vulnerability has been discovered in Cisco’s Unified Intelligence Center that allows authenticated remote attackers to upload arbitrary files to affected systems, potentially enabling complete system compromise.
The flaw, tracked as CVE-2025-20274, carries a CVSS score of 6.3 and has been assigned a High security impact rating by Cisco due to the potential for privilege escalation to root access.
Vulnerability Details and Attack Vector
The vulnerability stems from improper validation of files uploaded through the web-based management interface of Cisco Unified Intelligence Center.
According to Cisco’s security advisory published on July 16, 2025, attackers with valid credentials for a user account possessing at least Report Designer role privileges can exploit this weakness to upload malicious files to the target system.
| CVE Details | Information |
| CVE ID | CVE-2025-20274 |
| CVSS Score | 6.3 (High) |
| CWE | CWE-434 |
| Advisory ID | cisco-sa-cuis-file-upload-UhNEtStm |
| Bug IDs | CSCwn18794, CSCwn26636 |
| First Published | July 16, 2025 ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE