Cisco has identified two critical vulnerabilities in Unified Contact Center Express (CCX) that pose significant security risks. The primary vulnerability, CVE-2025-20354, has a CVSS score of 9.8 and allows attackers to upload arbitrary files via the Java RMI process without authentication. This could allow attackers to execute commands with root privileges, compromising the integrity of contact center operations.
The other critical issue, CVE-2025-20358, is an authentication bypass in the CCX Editor application with a CVSS score of 9.4. This flaw permits attackers to redirect the authentication process to malicious servers, granting them administrative access to execute arbitrary scripts. These vulnerabilities, especially in combination, pose a serious threat to organizations' contact center infrastructure, allowing attackers to maintain persistent access and potentially deploy ransomware across systems. Cisco recommends immediate software upgrades to mitigate these vulnerabilities and ensure system security.
👉 Read the original: Cyber Security News