What is CVE-2025-20354?

CVE-2025-20354 is a critical vulnerability with a CVSS score of 9.8 in the Java RMI process of Cisco Unified Contact Center Express. It allows an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system, potentially leading to complete system compromise.

What is CVE-2025-20358?

CVE-2025-20358 is a critical authentication bypass vulnerability with a CVSS score of 9.4 in the CCX Editor application. It allows an unauthenticated, remote attacker to obtain administrative permissions for script creation and execution. Attackers can exploit this by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful, enabling them to create and execute arbitrary scripts on the underlying operating system as an internal non-root user account.

Which versions of Cisco Unified CCX are vulnerable?

All versions of Cisco Unified Contact Center Express prior to the fixed releases are vulnerable, regardless of device configuration. This includes Cisco Unified CCX Release 12.5 SU3 and earlier versions, and Cisco Unified CCX Release 15.0.

What can attackers do by exploiting these Cisco vulnerabilities?

By exploiting CVE-2025-20354, unauthenticated attackers can upload arbitrary files and execute arbitrary commands with root permissions, leading to complete system compromise. By exploiting CVE-2025-20358, attackers can obtain administrative permissions to create and execute arbitrary scripts on the underlying operating system as an internal non-root user account, potentially gaining control over the CCX Editor application.

What are the patched versions of Cisco Unified CCX?

The patched versions are Cisco Unified CCX Release 12.5 SU3 ES07 and later versions, and Cisco Unified CCX Release 15.0 ES01 and later versions. Organizations should upgrade to these versions depending on their current deployment.

Are there workarounds for the Cisco Unified CCX vulnerabilities?

No, there are no workarounds available to address these vulnerabilities. Organizations must upgrade to the patched versions to protect their systems from exploitation.

What is Cisco Unified Contact Center Express?

Cisco Unified Contact Center Express (Unified CCX) is a contact center platform that provides customer interaction management capabilities. The platform includes features like the CCX Editor application for script creation and a Java RMI process for system operations, both of which are affected by the recently disclosed vulnerabilities.

How does the CVE-2025-20358 authentication bypass work?

CVE-2025-20358 allows attackers to redirect the authentication flow to a malicious server and trick the CCX Editor into believing the authentication was successful. This authentication bypass grants attackers administrative permissions for script creation and execution, enabling them to create and execute arbitrary scripts on the underlying operating system as an internal non-root user account.

What permissions can attackers gain through CVE-2025-20354?

Through CVE-2025-20354, attackers can execute arbitrary commands with root permissions on an affected system. This represents the highest level of system access and allows for complete compromise of the Cisco Unified CCX installation.

Do these Cisco vulnerabilities require authentication to exploit?

No, both CVE-2025-20354 and CVE-2025-20358 can be exploited by unauthenticated, remote attackers. This makes these vulnerabilities particularly dangerous as attackers do not need any legitimate credentials to exploit them and compromise affected systems.

What is the Java RMI process in Cisco Unified CCX?

The Java RMI (Remote Method Invocation) process in Cisco Unified CCX is a component that enables remote method calls for distributed Java applications. CVE-2025-20354 exploits a vulnerability in this process to allow unauthenticated attackers to upload arbitrary files and execute arbitrary commands with root permissions.

What is the CCX Editor application?

The CCX Editor application is part of Cisco Unified Contact Center Express that provides script creation and execution capabilities. CVE-2025-20358 affects this application through an authentication bypass vulnerability that allows attackers to obtain administrative permissions without proper authentication.

What is the severity level of these Cisco vulnerabilities?

Both vulnerabilities are critical severity. CVE-2025-20354 has a CVSS score of 9.8, and CVE-2025-20358 has a CVSS score of 9.4. These high scores reflect the unauthenticated remote exploitation capability and the significant impact of complete system compromise or unauthorized administrative access.

Are all configurations of Cisco Unified CCX vulnerable?

Yes, all versions of Cisco Unified Contact Center Express prior to the fixed releases are vulnerable, regardless of device configuration. This means that specific configuration changes cannot mitigate the risk, and upgrading to a patched version is necessary.

What level of user permissions do attackers get through CVE-2025-20358?

Through CVE-2025-20358, attackers can create and execute arbitrary scripts on the underlying operating system as an internal non-root user account. While this is not root-level access like CVE-2025-20354, it still provides significant control over the CCX Editor application and the ability to execute malicious scripts.

Can CVE-2025-20354 be exploited remotely?

Yes, CVE-2025-20354 can be exploited by an unauthenticated, remote attacker. The vulnerability in the Java RMI process allows attackers to upload arbitrary files and execute arbitrary commands with root permissions without requiring physical access to the system or authentication credentials.

What Cisco Unified CCX version should I upgrade to from Release 12.5?

If you are running Cisco Unified CCX Release 12.5 SU3 or earlier, you should upgrade to Cisco Unified CCX Release 12.5 SU3 ES07 or later. This version contains the necessary security fixes for both CVE-2025-20354 and CVE-2025-20358.

What Cisco Unified CCX version should I upgrade to from Release 15.0?

If you are running Cisco Unified CCX Release 15.0, you should upgrade to Cisco Unified CCX Release 15.0 ES01 or later. This version includes patches for both critical vulnerabilities disclosed in this advisory.

Advisory

Cisco patches critical flaws in Unified Contact Center Express

Q: Do these vulnerabilities affect other Cisco contact center products?

No, Cisco has confirmed that these vulnerabilities do not affect Packaged Contact Center Enterprise (Packaged CCE) or Unified Contact Center Enterprise (Unified CCE) products. Only Cisco Unified Contact Center Express (Unified CCX) is affected.

published: Nov. 6, 2025

Take action: If you use Cisco Unified Contact Center Express, plan a very quick update to version 12.5 SU3 ES07 or 15.0 ES01. There are critical flaws that let unauthenticated attackers execute commands with root privileges and bypass authentication. Prioritize systems exposed on the internet.

Learn More

Cisco has patched critical security vulnerabilities in its Unified Contact Center Express (Unified CCX) platform that could allow unauthenticated attackers to completely compromise affected systems.

Vulnerabilities summary:

CVE-2025-20354 (CVSS score 9.8): vulnerability in the Java RMI process allows an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system.
CVE-2025-20358 (CVSS score 9.4): authentication bypass vulnerability in the CCX Editor application allows an unauthenticated, remote attacker to obtain administrative permissions for script creation and execution. An attacker can exploit this by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful, enabling them to create and execute arbitrary scripts on the underlying operating system as an internal non-root user account.

All versions of Cisco Unified Contact Center Express (Unified CCX) prior to the fixed releases are vulnerable, regardless of device configuration:

Cisco Unified CCX Release 12.5 SU3 and earlier versions
Cisco Unified CCX Release 15.0

Patched versions:

Cisco Unified CCX Release 12.5 SU3 ES07 and later versions
Cisco Unified CCX Release 15.0 ES01 and later versions

Cisco has confirmed that these vulnerabilities do not affect Packaged Contact Center Enterprise (Packaged CCE) or Unified Contact Center Enterprise (Unified CCE) products.

Organizations should upgrade to Cisco Unified CCX Release 12.5 SU3 ES07 or Release 15.0 ES01, depending on their deployment version. There are no workarounds available to address these vulnerabilities.

Cisco patches critical flaws in Unified Contact Center Express

Read More
Adobe releases patches for critical issues in Acrobat, …
Palo Alto confirms PAN-OS vulnerability CVE-2025-0108 actively exploited
Critical XWiki vulnerability exploited in crypto mining malware …
Critical Authentication Bypass and Smuggling Flaws Impact Siemens …
Palo Alto Networks reports actively exploited DoS flaw …