Posted Date: 2025/11/12

[Vulnerability Alert] Cisco Unified Contact Center Express (Unified CCX) has 2 critical security vulnerabilities (CVE-2025-20354, CVE-2025-20358)

  • Subject: [Vulnerability Alert] Cisco Unified Contact Center Express (Unified CCX) has 2 critical security vulnerabilities (CVE-2025-20354, CVE-2025-20358)
  • Content:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202511-00000003
    • Cisco Unified Contact Center Express (Unified CCX) is a solution for enterprises to establish customer service centers, integrating multiple communication channels such as voice, instant messaging, and email to improve customer service efficiency. Cisco recently published security advisories for two critical vulnerabilities (CVE-2025-20354, CVSS: 9.8, and CVE-2025-20358, CVSS: 9.4). CVE-2025-20354 is a Remote Code Execution (RCE) vulnerability that allows an unauthenticated attacker to upload arbitrary files and execute arbitrary commands with root privileges on the affected system. CVE-2025-20358 is an authentication bypass vulnerability that may allow an unauthenticated remote attacker to bypass authentication and obtain administrative privileges related to script creation and execution.
  • Affected Platforms:
    • Cisco Unified Contact Center Express versions up to and including 12.5 SU3
    • Cisco Unified Contact Center Express 15.0
  • Recommended Measures:
    • Update to one of the following versions: Cisco Unified Contact Center Express 12.5 SU3 ES07 or later, or Cisco Unified Contact Center Express 15.0 ES01 or later

Computer and Communications Center
Network Systems Group