Cisco Releases Security Updates for Unified CCX

Two critical vulnerabilities could allow for RCE and authentication bypass in Unified Contact Center Express

Threat ID:: CC-4713
Threat Severity:: Medium
Published:: 6 November 2025 1:51 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Two critical vulnerabilities could allow for RCE and authentication bypass in Unified Contact Center Express

Affected platforms

The following platforms are known to be affected:

Cisco Unified Contact Center Express

All prior to 12.5 SU3 ES07
All prior to 15.0 ES01

Threat details

Introduction

Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX).

CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8
CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4

Remediation advice

Affected organisations are strongly encouraged to review Cisco’s cisco-sa-cc-unauth-rce-QeN8h7mQ security advisory and apply the relevant update as soon as possible.

Definitive source of threat updates

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ

CVE Vulnerabilities

Status Published

CVE-2025-20354

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Status Published

CVE-2025-20358

A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server. An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful. A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account

Last edited: 6 November 2025 1:51 pm