By AnuPriya
Publication Date: 2025-12-18 13:35:00
Cisco has disclosed multiple critical vulnerabilities in Unified Contact Center Express (Unified CCX) that could enable remote attackers to execute arbitrary code and gain root access without any authentication.
The vulnerabilities reside in the Java Remote Method Invocation (RMI) process and pose significant risks to enterprise contact center deployments worldwide.
The vulnerabilities were first disclosed on November 5, 2025, and updated on November 13, 2025. Two distinct CVEs have been identified affecting the platform, with CVSS scores of 9.8 and 9.4, indicating critical severity.
These flaws require no user interaction and can be exploited over the network by unauthenticated attackers.
Vulnerability Overview
The first vulnerability, CVE-2025-20354, stems from improper authentication and allows remote attackers to upload arbitrary files and execute commands with root privileges.
The second flaw, CVE-2025-20358, enables authentication bypass in the CCX Editor…