Multiple vulnerabilities in Cisco Unified CCX Allow Attackers to Execute Arbitrary Commands

Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX) that could allow unauthenticated attackers to execute arbitrary commands with root privileges and bypass authentication mechanisms.

The flaws, tracked as CVE-2025-20354 and CVE-2025-20358, affect the Java Remote Method Invocation (RMI) process and CCX Editor application, respectively.

Both vulnerabilities stem from improper authentication mechanisms and carry CVSS base scores of 9.8 and 9.4, earning a “Critical” severity rating from Cisco.

CVE-2025-20354 represents the more severe threat, enabling remote attackers to upload malicious files through the Java RMI process without authentication.

Successful exploitation enables attackers to execute arbitrary commands on the underlying operating system with root privileges, granting complete system control.

CVE-2025-20358 targets the CCX Editor application, allowing attackers to circumvent authentication by redirecting the authentication flow to a malicious server.

This tricks the CCX Editor into granting administrative permissions for script creation and execution. While exploitation results in access as an internal non-root user rather than root, attackers can still create and execute arbitrary scripts on the affected server.

Cisco Unified CCX Vulnerability

The vulnerabilities affect all Cisco Unified CCX deployments regardless of configuration. Cisco has confirmed that related products, including Packaged Contact Center Enterprise and Unified Contact Center Enterprise, are not impacted by these flaws.

The authentication bypass in CVE-2025-20358 exploits weaknesses in communication protocols between the CCX Editor and Unified CCX servers, while CVE-2025-20354 leverages insufficient validation in the Java RMI process to enable arbitrary file uploads.

Cisco has released patches for affected versions:

Cisco Unified CCX 12.5 SU3 and earlier: Upgrade to 12.5 SU3 ES07

Cisco Unified CCX 15.0: Upgrade to 15.0 ES01

No workarounds are available to mitigate these vulnerabilities. Cisco strongly recommends that organizations running affected versions upgrade to the fixed releases immediately to remediate the security risks fully.

Organizations using Cisco Unified CCX should prioritize patching these vulnerabilities given their critical severity and the potential for unauthenticated remote code execution.

The Cisco Product Security Incident Response Team reports no evidence of active exploitation or public proof-of-concept code at this time, providing a window for proactive remediation.

System administrators should verify their current Unified CCX versions and schedule maintenance windows to apply the security updates. Given the lack of workarounds, patching remains the only effective defense against these vulnerabilities.
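The version check described above can be scripted across an inventory. The following is an added example, not code from Cisco or from the original article; it assumes release labels are recorded in the article's own notation (for example "12.5 SU3 ES05"), and the host names and sample inventory are constructed.

```python
import re

# Fixed releases exactly as listed in the article: train -> (SU, ES, label).
FIXED = {
    (12, 5): (3, 7, "12.5 SU3 ES07"),
    (15, 0): (0, 1, "15.0 ES01"),
}
OLDEST_FIXED_TRAIN = min(FIXED)

# Assumed label notation (not a Cisco format guarantee): "12.5 SU3 ES05", "15.0".
LABEL = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+SU(\d+))?(?:\s+ES(\d+))?\s*$", re.I)

def triage(label):
    """Return (status, target); status is 'fixed', 'upgrade' or 'unknown'."""
    m = LABEL.match(label)
    if not m:
        return ("unknown", None)          # unparseable label: check by hand
    major, minor, su, es = (int(g) if g else 0 for g in m.groups())
    train = (major, minor)
    if train < OLDEST_FIXED_TRAIN:
        # Covered by the article's "12.5 SU3 and earlier" row.
        return ("upgrade", FIXED[OLDEST_FIXED_TRAIN][2])
    if train not in FIXED:
        return ("unknown", None)          # train not mentioned in the article
    fixed_su, fixed_es, target = FIXED[train]
    if su > fixed_su:
        return ("unknown", None)          # newer SU than the article covers
    if su == fixed_su and es >= fixed_es:
        return ("fixed", None)
    return ("upgrade", target)

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(label) for host, label in inventory.items()}

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "uccx-a.example.internal": "12.5 SU3 ES05",
    "uccx-b.example.internal": "12.5 SU3 ES07",
    "uccx-c.example.internal": "15.0",
    "uccx-d.example.internal": "11.6 SU2",
}

if __name__ == "__main__":
    for host, (status, target) in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f" -> {target}" if target else ""))
```

Anything reported as "unknown" is outside what the article states and should be checked against the Cisco advisory directly.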


Source: cybersecuritynews.com
