Multiple Cisco Unified CCX Flaws Allow Attackers to Execute Arbitrary Commands

Cisco has disclosed critical remote code execution vulnerabilities affecting Cisco Unified Contact Center Express (CCX), exposing organizations to severe security risks.

The advisory details two independent vulnerabilities in the Java Remote Method Invocation (RMI) process that could allow unauthenticated attackers to gain complete system control, including root-level privileges.

The Threat Landscape

The vulnerabilities represent a significant threat to contact center operations worldwide. Attackers can exploit these flaws without authentication or user interaction, making them particularly dangerous in real-world scenarios.

The Java RMI process in Cisco Unified CCX, which handles critical communication functions, contains improper authentication mechanisms that create multiple attack vectors.

The first vulnerability enables attackers to upload arbitrary files and execute commands with root permissions on affected systems.

The second vulnerability allows attackers to bypass authentication mechanisms in the CCX Editor application, tricking the editor into believing they have legitimate access.

Once authenticated, attackers can create and execute arbitrary scripts with administrative privileges.

The two vulnerabilities carry CVSS base scores of 9.8 and 9.4, respectively, both in the critical severity range.

The attack vector is network-based, requires no special privileges, and demands no user interaction—a dangerous combination that elevates the urgency for immediate patching.

CVE-2025-20354 specifically targets the file upload functionality within the Java RMI process. By uploading specially crafted files, attackers can execute arbitrary commands on the underlying operating system with root-level access, potentially compromising the entire contact center infrastructure.

CVE-2025-20358, meanwhile, focuses on authentication bypass in the CCX Editor application.

Attackers can redirect the authentication flow to malicious servers, creating the illusion of successful authentication and granting them administrative permissions to create and execute scripts.

Cisco Unified CCX versions 12.5 SU3 and earlier, as well as version 15.0 and earlier, require immediate attention.

The company has released fixed software versions: 12.5 SU3 ES07 for legacy deployments and 15.0 ES01 for newer installations.

Cisco confirmed that Unified Contact Center Enterprise (Unified CCE) and Packaged Contact Center Enterprise (Packaged CCE) are not affected by these vulnerabilities, providing some relief for organizations using enterprise-grade solutions.

No workarounds exist to mitigate these vulnerabilities; patching is the only solution. Organizations operating vulnerable versions of Cisco Unified CCX should prioritize upgrading to fixed releases immediately.

Given the critical nature of contact center systems and the potential for complete compromise through these vulnerabilities, swift remediation should take precedence in security roadmaps.

| CVE ID | Vulnerability Type | CVSS Score | Bug ID | Impact |
|---|---|---|---|---|
| CVE-2025-20354 | Remote Code Execution via File Upload | 9.8 | CSCwq36528 | Root-level arbitrary command execution |
| CVE-2025-20358 | Authentication Bypass in CCX Editor | 9.4 | CSCwq36573 | Administrative script creation and execution |

Organizations should review their Cisco Unified CCX deployments immediately and apply patches without delay to prevent potential compromise of critical contact center infrastructure.


The post Multiple Cisco Unified CCX Flaws Allow Attackers to Execute Arbitrary Commands appeared first on Cyber Security News.

