By Abinaya
Publication Date: 2025-12-18 14:21:00
A critical security advisory addresses multiple severe vulnerabilities in Cisco Unified Contact Center Express (Unified CCX) that could allow unauthenticated remote attackers to execute arbitrary commands and compromise affected systems.
The vulnerabilities were disclosed on November 5, 2025, with the advisory updated on November 13, 2025. Two distinct vulnerabilities have been identified in the Java Remote Method Invocation (RMI) process of Unified CCX.
| CVE ID | Affected Component | CVSS | Impact |
|---|---|---|---|
| CVE-2025-20354 | Cisco Unified CCX (Java RMI) | 9.8 | Allows unauthenticated attackers to upload files and run commands as root |
| CVE-2025-20358 | Cisco Unified CCX Editor | 9.4 | Lets attackers bypass login and gain admin access for script execution |
The first vulnerability, tracked as CVE-2025-20354, enables attackers to upload malicious files and execute arbitrary commands with root privileges on affected systems.
This flaw stems from improper authentication mechanisms…