- Description: A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server. An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful. A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account.
- Source: psirt@cisco.com
- NVD status: Analyzed
- Products: unified_contact_center_express
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@cisco.com
- CWE-306
CVE-2025-20354,CVE-2025-20358 : Critical Cisco Unified CCX Flaws Grant Instant Root Access (Mandatory RCE Patch Guide). Read the full report on - https://t.co/pYrR1NWs0g https://t.co/PkT6qnGIUx
@cyberbivash
18 Dec 2025
Critical zero-day bugs have been found in Cisco’s contact‑center software (CCX). Two major RCE flaws (CVE-2025-20354 & CVE-2025-20358) enable remote command execution or bypass authentication. #ZeroDay #Cisco #CyberPatch https://t.co/KWBurt5dTk
@rapidskillup
18 Dec 2025
⚠️Vulnerabilities in Cisco products ❗CVE-2025-20354 ❗CVE-2025-20358 ❗CVE-2025-20343 ➡️More info: https://t.co/IdJyxqi14q https://t.co/rxaEw0O0RT
@CERTpy
6 Nov 2025
Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) https://t.co/h06noh8gHI #HelpNetSecurity #Cybersecurity https://t.co/8G5BgvjzM6
@PoseidonTPA
6 Nov 2025
#Cisco fixes two critical flaws (CVE-2025-20354 & CVE-2025-20358) in Unified Contact Center Express, the first allowing remote code execution and privilege escalation to root, and the second a privilege escalation. https://t.co/DLeAty
@cert_ist
6 Nov 2025
#Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) https://t.co/DP7dE6Mx8f https://t.co/tpZ04Eto28
@evanderburg
6 Nov 2025
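Two critical vulnerabilities have been fixed in the contact center product Cisco Unified Contact Center Express (Unified CCX). CVE-2025-20354 has a CVSS score of 9.8 and is unauthenticated remote code execution with root privileges via Java RMI. CVE-2025-20358 has a CVSS score of 9.4, and Editor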
@__kokumoto
6 Nov 2025
🚨🚨Cisco Unified CCX Critical Vulns CVE-2025-20354 (CVSS 9.8): RCE — unauthenticated file upload → root command execution. CVE-2025-20358 (CVSS 9.4): Auth bypass → unauthenticated script admin access. ZoomEye Dork👉app="Cisco Unified Contact Center Express" 305 resu
@zoomeye_team
6 Nov 2025
🚨 CRITICAL: CVE-2025-20358 in Cisco Unified CCX lets remote attackers bypass authentication & gain admin script access. Patch ASAP & segment your network! 🔒 https://t.co/j5BGs2kde1 #OffSeq #Cisco #Vulnerability https://t.co/4GFT7PvtRS
@offseq
6 Nov 2025
CVE-2025-20358 Cisco Unified CCX Editor Authentication Bypass Enabling Remote Script Execution https://t.co/TLEv9FX9ha
@VulmonFeeds
5 Nov 2025
Cisco Unified CCX Editor: Auth Bypass & RCE New flaw CVE-2025-20358 lets attackers bypass auth and exec code remotely on Cisco Unified CCX Editor. Patch ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #Cisco https://t.co/G2xHTyz9r6
@ZeroPathLabs
5 Nov 2025
[CVE-2025-20358: CRITICAL] A vulnerability in Cisco's Contact Center Express Editor allows attackers to bypass authentication and gain admin permissions, posing a severe cyber threat.#cve,CVE-2025-20358,#cybersecurity https://t.co/RNh0LutJT2 https://t.co/w0qLIgD94N
@CveFindCom
5 Nov 2025
**CVE-2025-20358** involves a critical security flaw found within the **Cisco Unified Contact Center Express (Unified CCX)**, specifically in the **CCX Editor application**. The core issue is an **authentication bypass**, which allows an unauthenticated attacker to gain
@CveTodo
5 Nov 2025
CVE-2025-20358 A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication a… https://t.co/sUl4WjH24R
@CVEnew
5 Nov 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6EF18C21-6E70-4748-99FA-884754F44D1A",
            "versionEndExcluding": "12.5\\(1\\)_su03_es07",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:15.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "124C88AE-ED0C-4CBC-A84D-200EDB776C8C",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]