CVE-2025-20354

Published Nov 5, 2025

Last updated 4 months ago

Overview

Description
A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated with specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.
Source
psirt@cisco.com
NVD status
Analyzed
Products
unified_contact_center_express

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@cisco.com
CWE-434

Social media

Hype score
Not currently trending
  1. Cisco Unified CCX vulnerabilities CVE-2025-20354/20358 fixed: Java RMI-related RCE https://t.co/uLsZnoS0BY The cause of this issue is that the Java RMI used by Cisco Unified CCX

    @iototsecnews

    5 Jan 2026

    86 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-20354,CVE-2025-20358 : Critical Cisco Unified CCX Flaws Grant Instant Root Access (Mandatory RCE Patch Guide). Read the full report on - https://t.co/pYrR1NWs0g https://t.co/PkT6qnGIUx

    @cyberbivash

    18 Dec 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Critical zero-day bugs have been found in Cisco’s contact‑center software (CCX). Two major RCE flaws (CVE-2025-20354 & CVE-2025-20358) enable remote command execution or bypass authentication. #ZeroDay #Cisco #CyberPatch https://t.co/KWBurt5dTk

    @rapidskillup

    18 Dec 2025

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-20354: Cisco Unified CCX Java RMI arbitrary file upload (CVSS 9.8). Contact center platform vulnerable to unauthenticated remote exploitation. Extended patch cycles on telephony infrastructure. https://t.co/WupZBvLqVD

    @gothburz

    15 Nov 2025

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Cisco UCCX Critical Vulnerability (CVE-2025-20354) - November 6, 2025 Breach Analysis [Critical] Nov 08, 2025 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #LLM https://t.co/8B1rcX0pb7

    @transilienceai

    8 Nov 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Cisco UCCX Vulnerability (CVE-2025-20354) #Exploits https://t.co/JNalzACIz3

    @corerouter

    6 Nov 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️Vulnerabilities in Cisco products ❗CVE-2025-20354 ❗CVE-2025-20358 ❗CVE-2025-20343 ➡️More info: https://t.co/IdJyxqi14q https://t.co/rxaEw0O0RT

    @CERTpy

    6 Nov 2025

    93 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) https://t.co/h06noh8gHI #HelpNetSecurity #Cybersecurity https://t.co/8G5BgvjzM6

    @PoseidonTPA

    6 Nov 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. #Cisco fixes two critical flaws (CVE-2025-20354 & CVE-2025-20358) in Unified Contact Center Express, the first allowing remote code execution and privilege escalation to root, and the second a privilege escalation. https://t.co/DLeAty

    @cert_ist

    6 Nov 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. #Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) https://t.co/DP7dE6Mx8f https://t.co/tpZ04Eto28

    @evanderburg

    6 Nov 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨We are warning about RCE vulnerabilities in Cisco Unified Contact Center Express. CVE-2025-20354: Java RMI RCE In the Java RMI process of Cisco Unified CCX there is a critical flaw caused by improper authentication and file-handling mechanisms. A remote unauthenticated

    @GOVCERT_CZ

    6 Nov 2025

    348 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. 🇺🇸 🚨 BREAKING: Cisco discloses multiple critical RCE & auth-bypass flaws in Unified Contact Center Express (incl. CVE-2025-20354) — U.S. contact centers at risk. Apply patches & isolate affected systems. https://t.co/s4YOl4DEWC #Cybersecurity #Infosec

    @STRATINT_AI

    6 Nov 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

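  13. Two critical vulnerabilities have been fixed in the contact center product Cisco Unified Contact Center Express (Unified CCX). CVE-2025-20354 has a CVSS score of 9.8 and is unauthenticated remote code execution with root privileges via Java RMI. CVE-2025-20358 has a CVSS score of 9.4, with Editor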

    @__kokumoto

    6 Nov 2025

    685 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨🚨Cisco Unified CCX Critical Vulns CVE-2025-20354 (CVSS 9.8): RCE — unauthenticated file upload → root command execution. CVE-2025-20358 (CVSS 9.4): Auth bypass → unauthenticated script admin access. ZoomEye Dork👉app="Cisco Unified Contact Center Express" 305 resu

    @zoomeye_team

    6 Nov 2025

    1339 Impressions

    8 Retweets

    11 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  15. [CVE-2025-20354: CRITICAL] Critical security flaw in Cisco Unified CCX: Java RMI vulnerability enables remote attackers to upload files & run commands with root privileges. Immediate action required.#cve,CVE-2025-20354,#cybersecurity https://t.co/SO3T7Y4KZr https://t.co/cJhU5

    @CveFindCom

    5 Nov 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Cisco Unified CCX Hit by Unauthenticated RCE A new vuln in Cisco Unified CCX (CVE-2025-20354) allows RCE via exposed Java RMI, no auth needed. Patch ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #Cisco https://t.co/satmYgd3vm

    @ZeroPathLabs

    5 Nov 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. **CVE-2025-20354** describes a **critical remote code execution (RCE)** vulnerability in **Cisco Unified Contact Center Express (Unified CCX)**. The flaw stems from improper handling of the Java Remote Method Invocation (RMI) process, with **unauthenticated attackers** capable of

    @CveTodo

    5 Nov 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2025-20354 A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and … https://t.co/vGJVl9MLxN

    @CVEnew

    5 Nov 2025

    293 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations