Cisco has issued a critical security advisory addressing two severe vulnerabilities in its Unified Contact Center Express (CCX) platform that could enable remote attackers to execute arbitrary commands and gain unauthorized system access.
The vulnerabilities, published on November 5, 2025, require immediate attention from organizations running Cisco Unified CCX systems.

| CVE ID | Vulnerability Type | CVSS Score | Affected Versions |
|---|---|---|---|
| CVE-2025-20354 | Remote Code Execution | 9.8 | 12.5 SU3 and earlier, 15.0 and earlier |
| CVE-2025-20358 | Authentication Bypass | 9.4 | 12.5 SU3 and earlier, 15.0 and earlier |

Critical Threats to CCX Infrastructure
The two vulnerabilities, designated CVE-2025-20354 and CVE-2025-20358, target fundamental security mechanisms in Cisco’s contact center solution. Both flaws carry a CVSS score above 9.0, placing them in the critical severity category.
An unauthenticated attacker exploiting these weaknesses could compromise an entire Unified CCX deployment without requiring valid credentials or user interaction.
The vulnerabilities stem from improper authentication mechanisms in the Java Remote Method Invocation (RMI) process. This core component handles system communications.
CVE-2025-20354 allows attackers to upload arbitrary files through the RMI process and execute commands with root-level privileges.
This represents the most dangerous scenario, as root access grants complete control over the underlying operating system.
CVE-2025-20358 is an authentication bypass in the CCX Editor application that enables attackers to create and execute malicious scripts with administrative permissions for script management.
The vulnerabilities affect Cisco Unified CCX versions 12.5 SU3 and earlier, as well as 15.0 and earlier.
Organizations using these versions face immediate risk and should prioritize updating systems. Cisco has released patches addressing both issues: customers running Cisco Unified CCX 12.5 should upgrade to 12.5 SU3 ES07, while those on 15.0 should update to 15.0 ES01.
Related Cisco contact center products, including Unified Contact Center Enterprise (CCE) and Packaged CCE, are not affected by these vulnerabilities.
Significantly, Cisco has revealed that no workarounds exist to mitigate these flaws. This means organizations cannot implement temporary defensive measures and must apply software updates immediately to eliminate exposure.
Security researcher Jahmel Harris identified and reported these vulnerabilities to Cisco’s Product Security Incident Response Team (PSIRT).
Currently, no public exploits or malicious implementations are known, but this does not diminish the urgency of patching.
The combination of unauthenticated remote access, high-impact outcomes, and minimal complexity makes these vulnerabilities particularly attractive to threat actors seeking to compromise contact center infrastructure.
Organizations should verify their current Cisco Unified CCX software versions and apply the appropriate patches without delay.
The advisory has been published through Cisco’s official security channels, providing detailed technical specifications for security teams implementing remediation procedures.
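A version triage for the check described above, as an added example that is not Cisco's or the article's own code. It assumes inventory versions are recorded in the article's notation (for example `12.5 SU3 ES07`); the host names and the `parse`, `label` and `triage` helpers are constructed for illustration.

```python
import re

# Fixed releases named in the article: release train -> (SU, ES) level.
FIXED = {(12, 5): (3, 7), (15, 0): (0, 1)}
# Assumed notation, as the article writes versions: "12.5 SU3 ES07", "15.0".
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+SU(\d+))?(?:\s+ES(\d+))?\s*$", re.I)


def parse(version):
    """Split a version string into (train, (su, es)); missing SU/ES count as 0."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    major, minor, su, es = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (su, es)


def label(train, level):
    """Render a train and level back into the article's notation."""
    su, es = level
    parts = ["%d.%d" % train]
    if su:
        parts.append("SU%d" % su)
    if es:
        parts.append("ES%02d" % es)
    return " ".join(parts)


def triage(version):
    """Return (status, target): status is 'fixed', 'vulnerable' or 'unknown'."""
    train, level = parse(version)
    if train in FIXED:
        if level >= FIXED[train]:
            return "fixed", None
        return "vulnerable", label(train, FIXED[train])
    if train < (15, 0):
        # Covered by "15.0 and earlier", but the article names no fix for this train.
        return "vulnerable", None
    return "unknown", None  # newer than anything the article covers


# Constructed inventory; host names are placeholders.
INVENTORY = {"ccx-a.example": "12.5 SU3 ES05", "ccx-b.example": "15.0 ES01",
             "ccx-c.example": "12.0 SU1", "ccx-d.example": "15.0"}

if __name__ == "__main__":
    for host, version in sorted(INVENTORY.items()):
        status, target = triage(version)
        print(host, version, status, target or "-")
```

A `vulnerable` result with no target marks a release train for which the article names no fixed release, so the upgrade path has to come from Cisco's advisory.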
