Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges.
The Cisco UCCX platform, described by the company as a "contact center in a box," is a software solution for managing customer interactions in call centers, supporting up to 400 agents.
Tracked as CVE-2025-20354, the flaw lies in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX and was discovered by security researcher Jahmel Harris; it allows unauthenticated attackers to execute arbitrary commands remotely with root permissions.
"This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features," Cisco explained in a Wednesday security advisory.
"An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root."
Yesterday, Cisco also patched a critical security flaw in the Contact Center Express (CCX) Editor application of Cisco UCCX, which allows unauthenticated attackers to remotely bypass authentication and create and execute arbitrary scripts with admin permissions.
This can be exploited by tricking the CCX Editor app into believing the authentication process was successful after redirecting the auth flow to a malicious server.
IT admins are advised to upgrade their Cisco UCCX software to one of the fixed releases listed in the table below as soon as possible.
Cisco Unified CCX Release    First Fixed Release
12.5 SU3 and earlier         12.5 SU3 ES07
15.0                         15.0 ES01
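To turn the fixed-release table into a quick inventory check, the following Python snippet (an added example, not Cisco's code and not part of the original article) parses UCCX release strings of the form "12.5 SU3 ES07" and reports whether each host is at or above the first fixed release. The ordering it assumes, base release before SU1 before SU2 and so on, with ES levels ascending within an SU, is an assumption for illustration; the hostnames and version strings in the sample inventory are constructed. Trains the advisory table does not list are reported as "not-in-table" rather than guessed at.

```python
import re
from typing import Dict, Optional, Tuple

# A release is normalised to a comparable tuple: (major, minor, SU level, ES level).
# Assumed ordering (not stated in the article): within one release train the base
# release precedes SU1 < SU2 < ..., and within an SU the ES levels ascend.
ReleaseKey = Tuple[int, int, int, int]

_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\s+SU(\d+))?(?:\s+ES(\d+))?\s*$", re.IGNORECASE
)

# First fixed releases exactly as given in the advisory table quoted above.
FIRST_FIXED: Dict[Tuple[int, int], ReleaseKey] = {
    (12, 5): (12, 5, 3, 7),   # "12.5 SU3 ES07" covers 12.5 SU3 and earlier
    (15, 0): (15, 0, 0, 1),   # "15.0 ES01"
}


def parse_release(text: str) -> ReleaseKey:
    """Parse e.g. '12.5 SU3 ES07' or '15.0' into a comparable tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised UCCX release string: {text!r}")
    major, minor, su, es = m.groups()
    return (int(major), int(minor), int(su or 0), int(es or 0))


def first_fixed_for(train: Tuple[int, int]) -> Optional[ReleaseKey]:
    """Map a (major, minor) train to its first fixed release, or None if unlisted."""
    # "12.5 SU3 and earlier": every train up to and including 12.5 moves to 12.5 SU3 ES07.
    if train <= (12, 5):
        return FIRST_FIXED[(12, 5)]
    # 15.0 -> 15.0 ES01; any other train is not covered by the table.
    return FIRST_FIXED.get(train)


def assess(text: str) -> str:
    """Return 'fixed', 'affected' or 'not-in-table' for one release string."""
    key = parse_release(text)
    fixed = first_fixed_for(key[:2])
    if fixed is None:
        return "not-in-table"
    return "fixed" if key >= fixed else "affected"


def assess_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Assess a {hostname: release string} mapping and return {hostname: status}."""
    return {host: assess(version) for host, version in inventory.items()}


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "uccx-pub-01": "12.5 SU2",
    "uccx-sub-01": "12.5 SU3 ES07",
    "uccx-lab-01": "15.0",
    "uccx-lab-02": "15.0 ES01",
    "uccx-old-01": "11.6 SU1",
}

if __name__ == "__main__":
    for host, status in sorted(assess_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:14s} {SAMPLE_INVENTORY[host]:16s} {status}")
```

Hosts reported as "affected" need to move to the fixed release for their train; "not-in-table" hosts should be checked against the full Cisco advisory rather than assumed safe.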
While the vulnerabilities affect Cisco Unified CCX software regardless of device configuration, the Cisco Product Security Incident Response Team (PSIRT) has yet to find evidence of publicly available exploit code or that the two critical security flaws have been exploited in the wild.