Cisco Unified Contact Center Express Vulnerabilities Let Remote Attacker Execute Malicious Code

Cisco has disclosed multiple critical vulnerabilities in Unified Contact Center Express (CCX) that allow unauthenticated remote attackers to execute malicious code and escalate privileges.

The vulnerabilities affect the Java Remote Method Invocation (RMI) process and authentication mechanisms, potentially compromising entire contact center deployments.

RCE and Authentication Bypass Vulnerability

The primary vulnerability, CVE-2025-20354, carries a critical CVSS score of 9.8 and allows attackers to upload arbitrary files via the Java RMI process without authentication.

Successful exploitation allows attackers to execute commands with root privileges on affected systems.

The vulnerability stems from improper authentication mechanisms in Cisco Unified CCX, leaving organizations’ contact center infrastructure exposed to complete compromise.

Attackers can leverage this flaw to establish persistent access, steal sensitive customer data, or deploy ransomware across entire contact center networks.

CVE-2025-20358 presents an equally dangerous authentication bypass affecting the CCX Editor application.

Rated 9.4 on the CVSS scale, this vulnerability allows attackers to redirect the authentication flow to malicious servers, tricking the CCX Editor into believing legitimate authentication occurred.

Once bypassed, attackers gain administrative permissions to create and execute arbitrary scripts as internal non-root users.

This dual-vulnerability combination creates a sophisticated attack chain that allows remote attackers to progressively escalate privileges and maintain control over contact center operations.

| CVE ID | Vulnerability Type | CVSS Score |
|---|---|---|
| CVE-2025-20354 | Remote Code Execution | 9.8 |
| CVE-2025-20358 | Authentication Bypass | 9.4 |

Cisco has released software updates addressing both vulnerabilities, with no workarounds available.

Organizations running Unified CCX version 12.5 SU3 and earlier must upgrade immediately to version 12.5 SU3 ES07, while users on version 15.0 must install version 15.0 ES01.

The vulnerabilities affect all Unified CCX configurations regardless of deployment settings. Other Cisco products, including Unified Contact Center Enterprise (CCE) and Packaged Contact Center Enterprise, remain unaffected.
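
A fleet triage sketch for the upgrade guidance above, as an added example that is not from Cisco or the original article. It assumes version strings are recorded in the article's notation (for example `12.5 SU3 ES07`), uses constructed hostnames, and returns `review` for anything the article does not cover rather than guessing.

```python
import re

# Fixed releases named in the article: release -> (SU level, minimum ES level).
FIXED = {(12, 5): (3, 7), (15, 0): (0, 1)}

# Assumed notation, copied from the article: "<major>.<minor> [SU<n>] [ES<n>]".
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+SU(\d+))?(?:\s+ES(\d+))?\s*$", re.I)

# Constructed inventory with hypothetical hostnames, not data from the article.
INVENTORY = {
    "ccx-pub-01": "12.5 SU3",
    "ccx-sub-01": "12.5 SU3 ES07",
    "ccx-lab-01": "12.0 SU1",
    "ccx-new-01": "15.0",
    "ccx-new-02": "15.0 ES01",
}

def parse(version):
    """Return ((major, minor), su, es); a missing SU or ES counts as 0."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, su, es = (int(g) if g else 0 for g in m.groups())
    return (major, minor), su, es

def triage(version):
    """Classify one version string as 'fixed', 'vulnerable' or 'review'."""
    try:
        release, su, es = parse(version)
    except ValueError:
        return "review"                  # unparseable: check by hand
    if release < (12, 5):
        return "vulnerable"              # "12.5 SU3 and earlier"
    if release not in FIXED:
        return "review"                  # release the article does not cover
    fixed_su, fixed_es = FIXED[release]
    if su < fixed_su:
        return "vulnerable"              # an ES on an older SU is not the fix
    if su > fixed_su:
        return "review"                  # later SU: not covered by the article
    return "fixed" if es >= fixed_es else "vulnerable"

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:16} {status}")
```
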
