Cisco Unified Communications Products Command Injection Vulnerability
A vulnerability in the CLI of multiple Cisco products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the <em>root</em> user.<br><br>
This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the <em>root</em> user. To exploit this vulnerability, the attacker must have valid administrative credentials.<br><br>
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br><br>
This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy</a><br><br>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2025-20278