By rssfeeds-admin 
The vulnerabilities reside in the Java Remote Method Invocation (RMI) process and pose significant risks to enterprise contact center deployments worldwide.
The vulnerabilities were first disclosed on November 5, 2025, and updated on November 13, 2025. Two distinct CVEs have been identified affecting the platform, with CVSS scores of 9.8 and 9.4, indicating critical severity.
These flaws require no user interaction and can be exploited over the network by unauthenticated attackers.
Vulnerability Overview
The first vulnerability, CVE-2025-20354, allows remote attackers to upload arbitrary files and execute commands with root privileges via improper authentication.
The second flaw, CVE-2025-20358, enables authentication bypass in the CCX Editor application, granting attackers administrative permissions to create and execute malicious scripts.
Both vulnerabilities stem from weak authentication controls and can be exploited independently. Cisco has confirmed there are no available workarounds, making immediate patching the only mitigation strategy.
Cisco Unified CCX versions 12.5 SU3 and earlier, as well as version 15.0, are vulnerable. Fixed versions are now available: 12.5 SU3 ES07 for legacy deployments and 15.0 ES01 for newer installations. Organizations should prioritize upgrading to these patched releases immediately.
Other Cisco contact center products, including Unified Contact Center Enterprise and Packaged Contact Center Enterprise, are not affected by these vulnerabilities.
| CVE ID | Bug ID | CVSS Score | Attack Vector | Severity | Description |
|---|---|---|---|---|---|
| CVE-2025-20354 | CSCwq36528 | 9.8 | Network/Unauthenticated | Critical | Arbitrary file upload and root-level command execution via Java RMI process |
| CVE-2025-20358 | CSCwq36573 | 9.4 | Network/Unauthenticated | Critical | Authentication bypass in CCX Editor allowing malicious script creation and execution |
Organizations using Cisco Unified CCX should apply the security updates without delay. The vulnerabilities affect all platform configurations, making comprehensive patching essential. Administrators should verify their current software versions and plan upgrade schedules accordingly.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post Cisco Unified Contact Center Express Vulnerability Enables Remote Code Execution appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.