Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to root.
The good news is that there is currently no evidence of the vulnerabilities being leveraged by attackers. However, updating to a fixed version is advised, as there are no workarounds for addressing them.
CVE-2025-20358 and CVE-2025-20354 fixed, along with other flaws
Cisco UCCX is a contact-center software solution designed for small to medium-sized deployments (up to about 400 agents).
CVE-2025-20358 stems from missing authentication for a critical function: communication between the CCX Editor and an affected Unified CCX server.
“An [unauthenticated, remote] attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful,” Cisco explains.
“A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account.”
CVE-2025-20354 affects the Java Remote Method Invocation (RMI) process of Cisco UCCX, and may allow unauthenticated, remote attackers to upload a crafted file to an affected system through the Java RMI process and execute arbitrary commands with root permissions.
“Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability,” Cisco says.
The vulnerabilities were privately disclosed to Cisco by security researcher Jahmel Harris.
They affect Cisco UCCX v15.0 and v12.5 SU3 and earlier, regardless of device configuration, and have been fixed in v15.0 ES01 and v12.5 SU3 ES07.
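To turn the affected-version statement above into an inventory check, here is an added Python example (not from the article and not Cisco's own code) that assumes version strings written the way the article writes them ("15.0 ES01", "12.5 SU3 ES07"); real UCCX version strings may be formatted differently and should be normalised first.

```python
import re
from typing import Dict, Optional, Tuple

# Assumed format (constructed for this example, not Cisco's specification):
# "<major>.<minor>[ SU<n>][ ES<n>]", e.g. "15.0", "15.0 ES01", "12.5 SU3 ES07".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\s*SU(\d+))?(?:\s*ES(\d+))?$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, service_update, engineering_special); missing parts are 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised UCCX version string: {text!r}")
    major, minor, su, es = m.groups()
    return (int(major), int(minor), int(su or 0), int(es or 0))


def is_vulnerable(text: str) -> Optional[bool]:
    """True if affected by CVE-2025-20358 / CVE-2025-20354, False if a fixed release,
    None if the release train is not covered by the advisory summary in the article."""
    major, minor, su, es = parse_version(text)
    train = (major, minor)
    if train == (15, 0):
        return es < 1          # fixed in 15.0 ES01
    if train == (12, 5):
        if su < 3:
            return True        # anything before SU3 is "SU3 and earlier"
        if su == 3:
            return es < 7      # fixed in 12.5 SU3 ES07
        return None            # 12.5 SU4+ is not mentioned in the article
    if train < (12, 5):
        return True            # "and earlier"
    return None                # trains newer than 15.0 are not covered


def triage_inventory(hosts: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'patch' / 'fixed' / 'review' for a {host: version} inventory."""
    labels = {True: "patch", False: "fixed", None: "review"}
    return {host: labels[is_vulnerable(ver)] for host, ver in hosts.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"uccx-a": "12.5 SU3 ES06", "uccx-b": "15.0 ES01", "uccx-c": "12.5 SU4"}
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {status}")
```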
These latest releases also fix additional vulnerabilities, which can only be exploited by attackers who already hold valid administrative credentials.


