
Urgent: Patch Critical Cisco UCCX Vulnerabilities Now

Summary

– Cisco has fixed two critical vulnerabilities (CVE-2025-20358 and CVE-2025-20354) in Unified Contact Center Express that could allow attackers to bypass authentication and compromise systems.
– CVE-2025-20358 enables unauthenticated attackers to execute arbitrary scripts as a non-root user by exploiting missing authentication in the CCX Editor communication.
– CVE-2025-20354 allows unauthenticated attackers to upload files and execute arbitrary commands with root permissions via the Java RMI process.
– These vulnerabilities affect Cisco UCCX v15.0 and v12.5 SU3 and earlier; fixes are available in v15.0 ES01 and v12.5 SU3 ES07, and there are no workarounds.
– There is no current evidence of these vulnerabilities being exploited, but updating to the fixed versions is recommended. The flaws were privately disclosed, and neither requires prior exploitation of the other.

Cisco has released crucial security patches addressing two severe vulnerabilities within its Unified Contact Center Express (UCCX) platform. These flaws, identified as CVE-2025-20358 and CVE-2025-20354, could permit unauthorized individuals to bypass authentication checks, take control of affected systems, and escalate their access privileges to the highest root level. Although there are no current reports of these vulnerabilities being actively exploited in the wild, applying the available updates is strongly recommended since no temporary workarounds exist to mitigate the risks.

The Unified CCX software serves as a contact center solution tailored for small and medium-sized operations, typically supporting up to 400 agents. The first vulnerability, CVE-2025-20358, arises from a complete absence of authentication for a vital communication channel between the CCX Editor and the Unified CCX server. According to Cisco, an unauthenticated remote attacker could manipulate the authentication process by redirecting it to a malicious server. This deception would make the CCX Editor incorrectly assume a successful login, enabling the attacker to create and run arbitrary scripts on the server’s operating system under an internal non-root user account.

The second flaw, CVE-2025-20354, involves the Java Remote Method Invocation (RMI) service in Cisco UCCX. This vulnerability could allow unauthenticated remote attackers to upload a specially crafted file to a vulnerable system via the Java RMI interface. If successfully exploited, the attacker would gain the ability to execute arbitrary commands with full root permissions. Cisco emphasizes that these two vulnerabilities are independent: exploiting one does not depend on first exploiting the other.

These security issues were privately reported to Cisco by researcher Jahmel Harris. They impact Cisco UCCX versions 15.0 and 12.5 SU3, including all earlier releases, and are not dependent on any specific device configuration. The company has resolved the problems in updated versions 15.0 ES01 and 12.5 SU3 ES07. These new releases also address additional security flaws, though exploiting those requires the attacker to already possess valid administrative credentials.


(Source: HelpNet Security)
