The vulnerabilities reside in the Java Remote Method Invocation (RMI) process and pose significant risks to enterprise contact center deployments worldwide.
The vulnerabilities were first disclosed on November 5, 2025, and updated on November 13, 2025. Two distinct CVEs have been identified affecting the platform, with CVSS scores of 9.8 and 9.4, indicating critical severity.
These flaws require no user interaction and can be exploited over the network by unauthenticated attackers.
The first vulnerability, CVE-2025-20354, allows remote attackers to upload arbitrary files and execute commands with root privileges via improper authentication.
The second flaw, CVE-2025-20358, enables authentication bypass in the CCX Editor application, granting attackers administrative permissions to create and execute malicious scripts.
Both vulnerabilities stem from weak authentication controls and can be exploited independently. Cisco has confirmed there are no available workarounds, making immediate patching the only mitigation strategy.
Cisco Unified CCX versions 12.5 SU3 and earlier, as well as version 15.0, are vulnerable. Fixed versions are now available: 12.5 SU3 ES07 for legacy deployments and 15.0 ES01 for newer installations. Organizations should prioritize upgrading to these patched releases immediately.
Other Cisco contact center products, including Unified Contact Center Enterprise and Packaged Contact Center Enterprise, are not affected by these vulnerabilities.
| CVE ID | Bug ID | CVSS Score | Attack Vector | Severity | Description |
|---|---|---|---|---|---|
| CVE-2025-20354 | CSCwq36528 | 9.8 | Network/Unauthenticated | Critical | Arbitrary file upload and root-level command execution via Java RMI process |
| CVE-2025-20358 | CSCwq36573 | 9.4 | Network/Unauthenticated | Critical | Authentication bypass in CCX Editor allowing malicious script creation and execution |
Organizations using Cisco Unified CCX should apply the security updates without delay. The vulnerabilities affect all platform configurations, making comprehensive patching essential. Administrators should verify their current software versions and plan upgrade schedules accordingly.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post Cisco Unified Contact Center Express Vulnerability Enables Remote Code Execution appeared first on Cyber Security News.
For what is believed to be the first time, the state plans to ask the…
Sarah Zuech teaches her four kids that charity begins at home. A person’s first responsibility,…
The Rockford School Board voted unanimously to approve new teacher contracts Wednesday night. This comes…
Cisco has disclosed a critical zero-day vulnerability in its Catalyst SD-WAN products that threat actors…
A hacker exploited Anthropic’s Claude AI chatbot over a month-long campaign starting in December 2025,…
ROCKFORD, Ill. (WTVO) — This week marks four years since Russia's invasion of Ukraine and…
This website uses cookies.