Cisco Unified CCX Vulnerability

Source: Cyber Security News

Cisco has identified two critical vulnerabilities in its Unified Contact Center Express (Unified CCX) system that enable unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerabilities, tracked as CVE-2025-20354 and CVE-2025-20358, present severe risks because they allow remote execution and authentication bypass, respectively. CVE-2025-20354 could enable malicious file uploads through the Java RMI process, while CVE-2025-20358 lets attackers redirect authentication flows, potentially leading to script execution as a non-root user.

Both vulnerabilities affect all Cisco Unified CCX deployments, so organizations should upgrade to patched versions urgently. Cisco has released updates for versions 12.5 SU3 and earlier, as well as for 15.0; no workarounds are available. Administrators are advised to verify their systems and prioritize patching, given the critical nature of these flaws. There are currently no indications of active exploitation, which leaves time for remediation before any potential attacks.
