Cisco has disclosed multiple critical vulnerabilities in Unified Contact Center Express (CCX) that allow unauthenticated remote attackers to execute malicious code and escalate privileges.
The vulnerabilities affect the Java Remote Method Invocation (RMI) process and authentication mechanisms, potentially compromising entire contact center deployments.
The primary vulnerability, CVE-2025-20354, has a critical CVSS score of 9.8, allowing attackers to upload arbitrary files via the Java RMI process without authentication.
Successful exploitation allows attackers to execute commands with root privileges on affected systems.
The vulnerability stems from improper authentication mechanisms in Cisco Unified CCX, leaving organizations’ contact center infrastructure exposed to complete compromise.
Attackers can leverage this flaw to establish persistent access, steal sensitive customer data, or deploy ransomware across entire contact center networks.
CVE-2025-20358 presents an equally dangerous authentication bypass affecting the CCX Editor application.
Rated 9.4 on the CVSS scale, this vulnerability allows attackers to redirect the authentication flow to malicious servers, tricking the CCX Editor into believing legitimate authentication occurred.
Once bypassed, attackers gain administrative permissions to create and execute arbitrary scripts as internal non-root users.
This dual-vulnerability combination creates a sophisticated attack chain that allows remote attackers to escalate privileges and maintain control over contact center operations progressively.
| CVE ID | Vulnerability Type | CVSS Score |
|---|---|---|
| CVE-2025-20354 | Remote Code Execution | 9.8 |
| CVE-2025-20358 | Authentication Bypass | 9.4 |
Cisco has released software updates addressing both vulnerabilities, with no workarounds available.
Organizations running Unified CCX version 12.5 SU3 and earlier must upgrade immediately to version 12.5 SU3 ES07, while users on version 15.0 must install version 15.0 ES01.
The vulnerabilities affect all Unified CCX configurations regardless of deployment settings. Other Cisco products, including Unified Contact Center Enterprise (CCE) and Packaged Contact Center Enterprise, remain unaffected.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
A critical security vulnerability has been discovered in ASUSTOR backup and synchronization software, allowing attackers…
Microsoft has introduced a practical new feature in Windows 11 designed specifically for public-facing monitors…
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That…
OpenAI has launched GPT-5.1-Codex-Max, a specialized coding model designed to handle complex development tasks autonomously. The…
The U.S. Department of the Treasury, Australia, and the United Kingdom have announced coordinated sanctions…
Salesforce has issued a critical security alert identifying "unusual activity" involving Gainsight-published applications connected to…