Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities
TL;DR 📌
Multiple critical vulnerabilities have been identified in Cisco Unified Contact Center Express (Unified CCX) that could allow unauthenticated remote attackers to execute arbitrary commands and bypass authentication. Immediate action is required to mitigate these risks.
What happened 🕵️♂️
Cisco has disclosed multiple vulnerabilities in the Java Remote Method Invocation (RMI) process of Cisco Unified Contact Center Express. These vulnerabilities could allow an unauthenticated, remote attacker to upload arbitrary files, bypass authentication, execute arbitrary commands, and elevate privileges to root. The vulnerabilities are not dependent on one another, meaning each can be exploited independently.
Affected products 🖥️
The vulnerabilities affect all versions of Cisco Unified CCX, regardless of device configuration. Notably, the following products are confirmed not to be vulnerable:
- Packaged Contact Center Enterprise (Packaged CCE)
- Unified Contact Center Enterprise (Unified CCE)
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 15.0 | 15.0 ES01 | |
| 1.0 | Initial public release. | |
| Cisco Unified CCX | 12.5 SU3 ES07 | 12.5 SU3 and earlier |
| Cisco Unified CCX | 15.0 ES01 | 15.0 |
Workarounds 🧯
There are no workarounds available to address these vulnerabilities.
Risk in context 🎯
With a CVSS score of 9.8, these vulnerabilities are rated as Critical. The risk is significant due to the potential for unauthenticated remote access, which could lead to severe impacts on system integrity and availability.
Fast facts ⚡
- CVE-2025-20354: Remote Code Execution Vulnerability (CVSS 9.8)
- CVE-2025-20358: Editor Authentication Bypass Vulnerability (CVSS 9.4)
- No workarounds available; immediate patching is essential.
For leadership 🧭
The vulnerabilities in Cisco Unified Contact Center Express pose a Critical risk (CVSS 9.8). They are exploitable by unauthenticated remote attackers, allowing for arbitrary command execution and authentication bypass, which could severely compromise system integrity and availability.
Remediation ask: Patch within 7 days using the fixed software releases provided by Cisco.
Operational impact: Expect a brief maintenance window with no configuration drift anticipated.
Clear Now / Next / Later:
- Now: Review affected systems and schedule patching.
- Next: Apply the recommended software updates.
- Later: Monitor for any signs of exploitation or related vulnerabilities.