The vulnerabilities affect the Java Remote Method Invocation (RMI) process and authentication mechanisms, potentially compromising entire contact center deployments.
The primary vulnerability, CVE-2025-20354, has a critical CVSS score of 9.8, allowing attackers to upload arbitrary files via the Java RMI process without authentication.
Successful exploitation allows attackers to execute commands with root privileges on affected systems.
The vulnerability stems from improper authentication mechanisms in Cisco Unified CCX, leaving organizations’ contact center infrastructure exposed to complete compromise.
Attackers can leverage this flaw to establish persistent access, steal sensitive customer data, or deploy ransomware across entire contact center networks.
CVE-2025-20358 presents an equally dangerous authentication bypass affecting the CCX Editor application.
Rated 9.4 on the CVSS scale, this vulnerability allows attackers to redirect the authentication flow to malicious servers, tricking the CCX Editor into believing legitimate authentication occurred.
Once bypassed, attackers gain administrative permissions to create and execute arbitrary scripts as internal non-root users.
This dual-vulnerability combination creates a sophisticated attack chain that allows remote attackers to escalate privileges and maintain control over contact center operations progressively.
| CVE ID | Vulnerability Type | CVSS Score |
|---|---|---|
| CVE-2025-20354 | Remote Code Execution | 9.8 |
| CVE-2025-20358 | Authentication Bypass | 9.4 |
Cisco has released software updates addressing both vulnerabilities, with no workarounds available.
Organizations running Unified CCX version 12.5 SU3 and earlier must upgrade immediately to version 12.5 SU3 ES07, while users on version 15.0 must install version 15.0 ES01.
The vulnerabilities affect all Unified CCX configurations regardless of deployment settings. Other Cisco products, including Unified Contact Center Enterprise (CCE) and Packaged Contact Center Enterprise, remain unaffected.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Cisco Unified Contact Center Express Vulnerabilities Let Remote Attacker Execute Malicious Code appeared first on Cyber Security News.
As IGN Fan Fest 2026 comes to a close, and we celebrate our favorite franchises…
On Friday afternoon, Donald Trump posted on Truth Social, accusing Anthropic, the AI company behind…
For years, taking down a botnet meant finding its command-and-control (C2) server, seizing the domain,…
A Go-based command-and-control (C2) framework originally marketed within Chinese-speaking offensive security communities has been quietly…
A newly discovered malware campaign has been quietly targeting educational institutions and healthcare organizations across…
New filings announced last week aim to stop the Trump administration from further restricting federal…
This website uses cookies.