Overview
- CVE-2025-20354 targets the Java RMI process in Unified CCX, allowing unauthenticated attackers to upload a crafted file and execute commands with root privileges.
- CVE-2025-20358 abuses the CCX Editor authentication flow by redirecting it to a malicious server, enabling creation and execution of scripts on the Unified CCX server.
- Affected releases include Unified CCX 15.0 and 12.5 SU3 and earlier; fixes are available in 15.0 ES01 and 12.5 SU3 ES07.
- Cisco PSIRT reports no evidence of public exploit code or in-the-wild attacks, and the issues were privately disclosed by researcher Jahmel Harris.
- Cisco also shipped fixes for additional Contact Center issues and a high-severity Cisco ISE DoS flaw (CVE-2025-20343), reinforcing guidance to patch without delay.