Critical Cisco Unified CCX Flaws Expose Systems to Severe Cyber Threats; Urgent Patching Recommended

November 6, 2025
  • Cisco’s Unified Contact Center Express (Unified CCX) is affected by severe Java RMI weaknesses that can allow unauthenticated remote code execution, privilege escalation to root, authentication bypass, and arbitrary file uploads. CVE-2025-20354 and CVE-2025-20358 drive the risk, with a maximum CVSS score of 9.8.

  • The CVE-2025-20358 flaw lies in the authentication gap between the CCX Editor and the Unified CCX server, enabling unauthenticated remote attackers to redirect authentication and run scripts on the server as a non-root user.

  • Cisco also identified four related flaws in Cisco Contact Center products (CVE-2025-20374 to CVE-2025-20377) that could let attackers with high privileges gain root access, run commands, access sensitive data, or download arbitrary files.

  • There is no known active exploitation yet, but Cisco stresses updating since no workarounds exist.

  • Cisco notes none of the vulnerabilities were known to be exploited in the wild at advisory time and points to its security advisories for details.

  • Exploitation of any one vulnerability does not require exploiting the others; each presents its own risk vector.

  • Recommendations focus on auditing exposed deployments, applying patches promptly, and upgrading to the fixed software versions to mitigate risk.

  • The advisories include additional fixes for vulnerabilities that require valid admin credentials within the same releases.

  • The flaws were reported privately by security researcher Jahmel Harris.

  • Cisco reports there is no publicly available exploit code or confirmed active exploitation for these critical UCCX flaws at this time.

  • Cisco issued security advisories with patches addressing the vulnerabilities and notes that there are no workarounds.

Summary based on 5 sources

