Red Hot Cyber, the Italian blog on cybersecurity
2 critical bugs detected on Cisco Unified Contact Center Express (CCX)

Redazione RHC : 7 November 2025 07:40

Cisco has disclosed two critical vulnerabilities affecting Cisco Unified Contact Center Express (CCX), the platform used by thousands of companies to run contact centers and unified communications.

The two flaws, tracked as CVE-2025-20354 and CVE-2025-20358, carry CVSS scores of 9.8 and 9.4 out of 10 respectively. Both are exploitable by a remote, unauthenticated attacker: the first allows arbitrary commands to be run as root on the appliance, the second grants administrative permissions to create and execute scripts on a vulnerable instance.

Both vulnerabilities stem from improper authentication: in the Java Remote Method Invocation (RMI) process of Unified CCX in one case, and in the communication between the CCX Editor application and the Unified CCX server in the other. The result is arbitrary command execution or a complete authentication bypass.

Cisco has already released fixed software and urges administrators to apply it immediately, as there are no workarounds or temporary mitigations for either flaw. Since both issues are reachable by an unauthenticated remote attacker, restricting which networks can reach the Unified CCX server (and its RMI service in particular) limits exposure until the update is installed, although Cisco does not present this as a workaround.

CVE-2025-20354: RCE in Cisco Unified CCX

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system.

The flaw is due to improper authentication mechanisms associated with specific Cisco Unified CCX features. An attacker could exploit it by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and escalate privileges to root.

Cisco has released software updates that address this vulnerability; there are no workarounds. The bug has a CVSS score of 9.8 out of 10.

CVE-2025-20358: Authentication Bypass in Cisco Unified CCX

A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions related to the creation and execution of scripts.

The flaw is due to improper authentication mechanisms in the communication between CCX Editor and an affected Unified CCX server.

An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and fooling CCX Editor into believing that authentication was successful; in practice this means the attacker must be able to steer the Editor's login towards a server under their control. A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account.
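The flow described above, modelled as an added example (this is not Cisco's or the CCX Editor's code; the class names, the `.aef` script names and the sample credentials are invented for illustration): a client that treats the login reply of whichever server answered as proof of authentication, beside a variant in which the genuine server executes scripts only for a session token it issued itself.

```python
"""Model of a client-trusted versus server-enforced authentication flow.

Added example, not Cisco code. CcxServer, RogueServer, the editor functions,
the sample user/password and the script names are all assumptions made for
illustration; they do not reflect the real CCX Editor protocol.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class CcxServer:
    """Stand-in for the genuine Unified CCX server (assumed, simplified)."""
    # constructed sample account, not a real default credential
    users: dict = field(default_factory=lambda: {"admin": "correct-horse"})
    sessions: dict = field(default_factory=dict)   # token -> username
    executed: list = field(default_factory=list)   # scripts actually run

    def login(self, user: str, password: str) -> dict:
        if self.users.get(user) == password:
            token = secrets.token_hex(16)
            self.sessions[token] = user
            return {"ok": True, "token": token}
        return {"ok": False}

    def run_script_trusting_client(self, script: str, client_says_authenticated: bool) -> str:
        """Vulnerable pattern: the server takes the client's word that login succeeded."""
        if not client_says_authenticated:
            return "denied"
        self.executed.append(script)
        return "executed"

    def run_script(self, token: str, script: str) -> str:
        """Hardened pattern: only a token this server issued is honoured, on every call."""
        if token not in self.sessions:
            return "denied"
        self.executed.append(script)
        return "executed"


class RogueServer:
    """Attacker-controlled host that the Editor's login has been redirected to."""
    def login(self, user: str, password: str) -> dict:
        # Answers "success" to any credentials and hands out a token it made up.
        return {"ok": True, "token": secrets.token_hex(16)}


def vulnerable_editor(auth_server, ccx: CcxServer, user: str, password: str, script: str) -> str:
    """Client believes whichever server answered the login, then asserts 'I am authenticated'."""
    reply = auth_server.login(user, password)
    if not reply["ok"]:
        return "login failed"
    return ccx.run_script_trusting_client(script, client_says_authenticated=True)


def hardened_editor(auth_server, ccx: CcxServer, user: str, password: str, script: str) -> str:
    """Client forwards the token it received; the genuine server validates it itself."""
    reply = auth_server.login(user, password)
    if not reply["ok"]:
        return "login failed"
    return ccx.run_script(reply["token"], script)


def demo() -> dict:
    """Run both clients against a redirected (rogue) login and report the outcome."""
    rogue = RogueServer()
    weak_ccx, strong_ccx = CcxServer(), CcxServer()
    return {
        "vulnerable": vulnerable_editor(rogue, weak_ccx, "anyone", "anything", "drop.aef"),
        "hardened": hardened_editor(rogue, strong_ccx, "anyone", "anything", "drop.aef"),
        "weak_executed": list(weak_ccx.executed),
        "strong_executed": list(strong_ccx.executed),
    }


if __name__ == "__main__":
    print(demo())
```

Redirecting the login of the hardened client to a rogue server still leaks whatever credentials were typed in, so the model only shows the authorization half of the fix: the script-execution decision moves to the genuine server and is bound to a credential it minted. Preventing the redirection itself requires the client to verify the server's identity, for example through proper TLS certificate validation, which this model does not implement.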

Cisco has released software updates that address this vulnerability; there are no workarounds. The bug has a CVSS score of 9.4 out of 10.

The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.