Cisco Fixes UCCX Vulnerability Allowing Remote Attackers to Execute Root-Level Commands Without Authentication


454/68 Monday, November 10, 2025

Cisco has released a security update addressing a critical vulnerability in Unified Contact Center Express (UCCX), tracked as CVE-2025-20354, with a CVSS score of 9.8. The flaw stems from improper authentication within the Java Remote Method Invocation (RMI) process, allowing remote attackers to upload malicious files and execute commands on the system with root privileges – all without authentication. A successful exploit would give an attacker full control over the Contact Center management system.

According to Cisco’s Security Advisory, the vulnerability allows the RMI endpoint to accept spoofed commands and data, enabling attackers to upload pre-crafted files that trigger command execution at the operating system level and escalate privileges to root. Cisco notes that there is no workaround, and strongly urges users to update to the fixed versions immediately: UCCX 12.5 SU3 ES07 and 15.0 ES01.

Cisco PSIRT confirms that no in-the-wild exploitation of CVE-2025-20354 has been observed so far. However, the company also warns that new attack attempts are targeting Secure Firewall ASA and FTD devices via other vulnerabilities — CVE-2025-20333 and CVE-2025-20362. Organizations are advised to verify their current versions and apply patches promptly to prevent unauthorized access and possible system compromise.
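The advice above to verify current versions is easy to apply inconsistently across an estate, so the following added example (not Cisco's tooling, and not from the article's source) checks an inventory of UCCX version labels against the two fixed releases the article names, 12.5 SU3 ES07 and 15.0 ES01. It assumes version labels in the "major.minor [SUn] [ESnn]" form the advisory uses, that a later SU on the same train includes earlier ES fixes, and that trains the article does not mention should be reported as unknown rather than guessed; the inventory and hostnames are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# Fixed releases named in the article for CVE-2025-20354, keyed by
# release train: (SU level, ES level).  15.0 ES01 carries no SU.
FIXED_RELEASES: Dict[Tuple[int, int], Tuple[int, int]] = {
    (12, 5): (3, 7),   # 12.5 SU3 ES07
    (15, 0): (0, 1),   # 15.0 ES01
}

# Assumed label format, e.g. "12.5 SU3 ES07", "15.0", "15.0 ES01".
_LABEL_RE = re.compile(
    r"^\s*(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\s*SU(?P<su>\d+))?"
    r"(?:\s*ES(?P<es>\d+))?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class UccxVersion:
    major: int
    minor: int
    su: int   # 0 when the label carries no SU
    es: int   # 0 when the label carries no ES

    @property
    def train(self) -> Tuple[int, int]:
        return (self.major, self.minor)

    @property
    def patch_level(self) -> Tuple[int, int]:
        # Tuple order makes "SU4" compare above "SU3 ES07" (assumed cumulative).
        return (self.su, self.es)


def parse_version(label: str) -> UccxVersion:
    """Parse an advisory-style UCCX version label (assumed format)."""
    m = _LABEL_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised UCCX version label: {label!r}")
    return UccxVersion(
        int(m["major"]), int(m["minor"]),
        int(m["su"] or 0), int(m["es"] or 0),
    )


def assess(label: str) -> str:
    """Classify one label as 'fixed', 'vulnerable' or 'unknown'.

    'unknown' means the train is not one the article lists a fix for;
    consult the Cisco advisory rather than assuming it is safe.
    """
    v = parse_version(label)
    fixed = FIXED_RELEASES.get(v.train)
    if fixed is None:
        return "unknown"
    return "fixed" if v.patch_level >= fixed else "vulnerable"


def assess_inventory(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map hostname -> status for a list of (hostname, version label)."""
    return {host: assess(label) for host, label in inventory}


# Constructed inventory for demonstration only.
SAMPLE_INVENTORY = [
    ("uccx-hq-01", "12.5 SU3 ES07"),
    ("uccx-hq-02", "12.5 SU3 ES06"),
    ("uccx-branch-01", "15.0"),
    ("uccx-branch-02", "15.0 ES01"),
    ("uccx-lab-01", "11.6 SU3"),
]

if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:16} {status}")
```

Nodes reported as "vulnerable" have no workaround per the article, so they go straight onto the patch list; "unknown" nodes need a manual check against the advisory because the article only names fixes for the 12.5 and 15.0 trains.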

Source: https://securityaffairs.com/184321/security/cisco-fixes-critical-uccx-flaw-allowing-root-command-execution.html