Cisco Unified Contact Center Express Vulnerabilities Let Remote...

Cisco has disclosed multiple critical vulnerabilities in Unified Contact Center Express (CCX) that allow unauthenticated remote attackers to execute malicious code and escalate privileges.

The vulnerabilities affect the Java Remote Method Invocation (RMI) process and authentication mechanisms, potentially compromising entire contact center deployments.

The primary vulnerability, CVE-2025-20354, has a critical CVSS score of 9.8, allowing attackers to upload arbitrary files via the Java RMI process without authentication.

Successful exploitation allows attackers to execute commands with root privileges on affected systems.

The vulnerability stems from improper authentication mechanisms in Cisco Unified CCX, leaving organizations’ contact center infrastructure exposed to complete compromise.

Attackers can leverage this flaw to establish persistent access, steal sensitive customer data, or deploy ransomware across entire contact center networks.

CVE-2025-20358 presents an equally dangerous authentication bypass affecting the CCX Editor application.

Rated 9.4 on the CVSS scale, this vulnerability allows attackers to redirect the authentication flow to malicious servers, tricking the CCX Editor into believing legitimate authentication occurred.

Once bypassed, attackers gain administrative permissions to create and execute arbitrary scripts as internal non-root users.

This dual-vulnerability combination creates a sophisticated attack chain that allows remote attackers to escalate privileges and maintain control over contact center operations progressively.