Cisco has launched safety updates to handle two vital vulnerabilities in Unified Contact Heart Specific (Unified CCX) that would enable unauthenticated attackers to execute arbitrary instructions with root privileges and bypass authentication mechanisms.
The failings, tracked as CVE-2025-20354 and CVE-2025-20358, have an effect on the Java Distant Technique Invocation (RMI) course of and CCX Editor utility, respectively.
Each vulnerabilities stem from improper authentication mechanisms and carry CVSS base scores of 9.8 and 9.4, incomes a “Important” severity ranking from Cisco.
CVE-2025-20354 represents the extra extreme menace, enabling distant attackers to add malicious information by way of the Java RMI course of with out authentication.
Profitable exploitation permits attackers to execute arbitrary instructions on the underlying working system with root privileges, granting full system management.
CVE-2025-20358 targets the CCX Editor utility, permitting attackers to avoid authentication by redirecting the authentication movement to a malicious server.
This methods the CCX Editor into granting administrative permissions for script creation and execution. Whereas exploitation leads to entry as an inside non-root consumer reasonably than root, attackers can nonetheless create and execute arbitrary scripts on the affected server.
Cisco Unified CCX Vulnerability
The vulnerabilities have an effect on all Cisco Unified CCX deployments no matter configuration. Cisco has confirmed that associated merchandise, together with Packaged Contact Heart Enterprise and Unified Contact Heart Enterprise, will not be impacted by these flaws.
The authentication bypass in CVE-2025-20358 exploits weaknesses in communication protocols between the CCX Editor and Unified CCX servers, whereas CVE-2025-20354 leverages inadequate validation within the Java RMI course of to allow arbitrary file uploads.
Cisco has launched patches for affected variations:
Cisco Unified CCX 12.5 SU3 and earlier: Improve to 12.5 SU3 ES07
Cisco Unified CCX 15.0: Improve to fifteen.0 ES01
No workarounds can be found to mitigate these vulnerabilities. Cisco strongly recommends that organizations operating affected variations improve to the fastened releases instantly to remediate the safety dangers totally.
Organizations utilizing Cisco Unified CCX ought to prioritize patching these vulnerabilities given their vital severity and the potential for unauthenticated distant code execution.
The Cisco Product Safety Incident Response Workforce studies no proof of lively exploitation or public proof-of-concept code right now, offering a window for proactive remediation.
System directors ought to confirm their present Unified CCX variations and schedule upkeep home windows to use the safety updates. Given the dearth of workarounds, patching stays the one efficient protection in opposition to these vulnerabilities.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
