Attackers Can Exploit Multiple Flaws in Cisco Unified CCX to Run Commands


Cisco has revealed serious security vulnerabilities in Cisco Unified Contact Center Express (Unified CCX). These issues allow remote, unauthenticated attackers to run commands, gain root-level access, and bypass authentication.

The problems come from weaknesses in the Java Remote Method Invocation (RMI) process and the CCX Editor application, posing major risks to enterprise contact centers.

Vulnerability Details

Two critical flaws were found:

1. CVE-2025-20354 – Remote Code Execution (CVSS 9.8)
This issue affects the Java RMI process. Attackers can upload files without authentication and use them to run system commands and gain full root access.

2. CVE-2025-20358 – Authentication Bypass (CVSS 9.4)
This flaw affects the CCX Editor. Attackers can trick the system into accepting fake authentication, allowing them to create and run scripts with administrative privileges.

Impact

  • All Cisco Unified CCX systems are affected, regardless of configuration.
  • Packaged CCE and Unified CCE are not impacted.
  • The two vulnerabilities are independent and do not need to be chained.

Patches and Recommendations

Cisco has released updates, and no workarounds exist. Organizations should apply patches immediately:

  • Unified CCX 12.5: Update to 12.5 SU3 ES07 or later
  • Unified CCX 15.0: Update to 15.0 ES01 or later

Systems running older versions (earlier than 12.5 SU3 or 15.0) are at high risk.

Cisco’s PSIRT reports no active attacks yet, but the ease of exploitation makes these vulnerabilities highly attractive to attackers.

  • Check your current Unified CCX version and apply the required patches immediately.
  • Prioritize patching any system exposed to the internet.
  • Use temporary controls like network segmentation and limiting RMI access to trusted networks.

These vulnerabilities allow full system compromise, so urgent action is required to secure affected deployments.
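The version check recommended above can be run across an inventory. The following is an added example, not code from Cisco or from this article. It assumes version strings are written as the article writes them ("12.5 SU3 ES07", "15.0 ES01"), and the hostnames, the `triage` and `report` helpers, and the sample inventory are made up for illustration.

```python
import re

# Fixed releases as stated in the article: branch -> (SU number, ES number).
FIXED = {(12, 5): (3, 7), (15, 0): (0, 1)}

# Assumed string form, matching how the article writes releases:
# "12.5 SU3 ES07", "15.0 ES01", "12.5 SU2", "15.0". An optional "(n)" is tolerated.
_VERSION = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\(\d+\))?(?:\s*SU(\d+))?(?:\s*ES(\d+))?\s*$", re.IGNORECASE
)

def triage(version: str) -> str:
    """Classify one Unified CCX version string against the fixed releases."""
    m = _VERSION.match(version)
    if not m:
        return "unparsed"          # never treat an unreadable version as safe
    major, minor = int(m.group(1)), int(m.group(2))
    su, es = int(m.group(3) or 0), int(m.group(4) or 0)
    branch = (major, minor)
    if branch in FIXED:
        # Assumption: "or later" orders by SU first, then ES within that SU.
        return "patched" if (su, es) >= FIXED[branch] else "vulnerable"
    if branch < min(FIXED):
        return "vulnerable"        # older than 12.5: article rates these high risk
    return "unknown-branch"        # article names no fixed release for this branch

def report(inventory: dict) -> dict:
    """Map hostname -> status, for every host that is not confirmed patched."""
    return {h: s for h, v in inventory.items() if (s := triage(v)) != "patched"}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ccx-a.example.internal": "12.5 SU3 ES07",
    "ccx-b.example.internal": "12.5 SU3 ES05",
    "ccx-c.example.internal": "15.0",
    "ccx-d.example.internal": "15.0 ES01",
    "ccx-e.example.internal": "12.0 SU1",
    "ccx-f.example.internal": "twelve-five",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unparsed" or "unknown-branch" need a manual check against the vendor advisory rather than being assumed safe.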

About the Author:

FirstHackersNews- Identifies Security
