Cisco Addresses Remote Code Execution Vulnerabilities in Unified Contact Center Express (CVE-2025-20354 & CVE-2025-20358)

Cisco has disclosed two vulnerabilities in Cisco Unified CCX that could allow an unauthenticated, remote attacker to upload arbitrary files, bypass authentication, execute arbitrary commands, and elevate privileges to root. Tracked as CVE-2025-20354 and CVE-2025-20358, both vulnerabilities carry a critical severity rating.

Cisco Unified Contact Center Express (UCCX) is a software solution designed for small to medium-sized contact centers, offering customer interaction management features such as automated call distribution (ACD), interactive voice response (IVR), and omnichannel support for voice, email, and web chat.

CVE-2025-20354: Cisco Unified CCX Remote Code Execution Vulnerability

The vulnerability exists in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX and is caused by an improper authentication mechanism associated with specific Unified CCX features.

An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. Successful exploitation could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on the affected system.

CVE-2025-20358: Cisco Unified CCX Editor Authentication Bypass Vulnerability

The vulnerability exists in the Contact Center Express (CCX) Editor application of Cisco Unified CCX and is caused by an improper authentication mechanism in the communication between the CCX Editor and an affected Unified CCX server.

An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing that authentication succeeded. Successful exploitation could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server as an internal, non-root user account.

Affected Versions

  • Cisco Unified Contact Center Express (Unified CCX) releases prior to 12.5 SU3 ES07 (the 12.5 train and all earlier releases)
  • Cisco Unified Contact Center Express (Unified CCX) 15.0 releases prior to 15.0 ES01

Mitigation

Customers must upgrade to the following fixed releases (or later) to patch both vulnerabilities:

  • Cisco Unified Contact Center Express (Unified CCX) releases 12.5 SU3 ES07
  • Cisco Unified Contact Center Express (Unified CCX) releases 15.0 ES01
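The affected and fixed release lists above are easy to misread when an inventory carries release strings in slightly different shapes. The following is an added example, not Cisco's or Qualys's code, that parses a Unified CCX release string written the way this page writes them (for example "12.5 SU3 ES06" or "15.0 ES01", with an optional maintenance number such as "12.5(1)") and decides whether it is below the fixed release for its train. The string format, the inventory sample and the "not listed" status for trains the advisory does not name are assumptions for illustration.

```python
"""Assess Cisco Unified CCX release strings against the fixed releases named in
cisco-sa-cc-unauth-rce-QeN8h7mQ (12.5 SU3 ES07 and 15.0 ES01).

Added example; assumes release strings of the form
"<major>.<minor>[(<maint>)] [SU<n>] [ES<n>]" as written on this page.
"""
import re
from typing import NamedTuple, Optional


class UccxVersion(NamedTuple):
    major: int
    minor: int
    su: int  # Service Update number, 0 when absent
    es: int  # Engineering Special number, 0 when absent


class Assessment(NamedTuple):
    status: str            # "affected", "fixed" or "not listed"
    fix: Optional[str]     # release to move to, None when already fixed / unknown


# Assumed release-string grammar, e.g. "12.5(1)SU3ES07", "12.5 SU3 ES06", "15.0".
_PATTERN = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\(\d+\))?"   # 12.5 or 12.5(1); maintenance number ignored
    r"(?:\s*SU\s*(\d+))?"             # optional Service Update, e.g. SU3
    r"(?:\s*ES\s*(\d+))?\s*$",        # optional Engineering Special, e.g. ES07
    re.IGNORECASE,
)


def parse_version(text: str) -> UccxVersion:
    """Parse a release string into a comparable (major, minor, su, es) tuple."""
    m = _PATTERN.match(text)
    if not m:
        raise ValueError(f"unrecognised Unified CCX release string: {text!r}")
    major, minor, su, es = m.groups()
    return UccxVersion(int(major), int(minor), int(su or 0), int(es or 0))


# Fixed releases from the Mitigation section, keyed by release train.
FIXED_RELEASES = {
    (12, 5): "12.5 SU3 ES07",
    (15, 0): "15.0 ES01",
}


def assess(text: str) -> Assessment:
    """Return whether a release is affected and which fixed release resolves it.

    Releases older than the 12.5 train count as affected (the advisory's fix
    for "12.5 and prior" is 12.5 SU3 ES07). Trains the advisory does not
    name are reported as "not listed" rather than guessed at.
    """
    v = parse_version(text)
    train = (v.major, v.minor)
    if train < (12, 5):
        return Assessment("affected", FIXED_RELEASES[(12, 5)])
    fix = FIXED_RELEASES.get(train)
    if fix is None:
        return Assessment("not listed", None)
    if v < parse_version(fix):
        return Assessment("affected", fix)
    return Assessment("fixed", None)


def triage(inventory: dict) -> dict:
    """Group hostnames by assessment status for a {host: release} inventory."""
    groups: dict = {"affected": [], "fixed": [], "not listed": []}
    for host, release in sorted(inventory.items()):
        groups[assess(release).status].append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and releases are made up.
    sample = {
        "uccx-pub-01": "12.5(1) SU3 ES06",
        "uccx-sub-01": "12.5(1) SU3 ES07",
        "uccx-lab-01": "15.0",
        "uccx-lab-02": "15.0 ES01",
        "uccx-old-01": "11.6(2) SU1",
    }
    for host, release in sorted(sample.items()):
        result = assess(release)
        fix_hint = f" -> upgrade to {result.fix}" if result.fix else ""
        print(f"{host:12} {release:18} {result.status}{fix_hint}")
```

The comparison relies on tuple ordering, so "12.5 SU2 ES10" sorts below "12.5 SU3 ES07" as expected; a release string that does not match the assumed grammar raises rather than being silently treated as fixed, which is the safe failure mode for a patch-status check.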

Customers can refer to the Cisco Security Advisory (cisco-sa-cc-unauth-rce-QeN8h7mQ) for information about patches released to address the vulnerabilities.

Qualys Detection

Qualys customers can scan their devices with QID 317749 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ
