Ethical Hacking News

Cisco UCCX Flaw Exposed: A Critical Security Vulnerability That Could Allow Attackers to Run Commands as Root


Cisco has issued a critical security update to patch a vulnerability in its Unified Contact Center Express (UCCX) software, which could allow attackers to execute commands with root privileges. The update addresses two critical flaws that could be exploited by unauthenticated attackers to gain elevated access to systems.

  • A recent security vulnerability has been discovered in Cisco Unified Contact Center Express (UCCX) software that could allow attackers to execute commands with root privileges.
  • The vulnerability is due to improper authentication mechanisms associated with specific Cisco Unified CCX features, allowing unauthenticated attackers to execute arbitrary commands remotely with root permissions.
  • Four other security flaws in Cisco Contact Center products can be exploited by attackers with high-level privileges to gain root permissions, execute arbitrary commands, access sensitive information, or download arbitrary files.
  • IT administrators are advised to upgrade their Cisco UCCX software to one of the fixed releases listed as soon as possible to protect against potential threats.
  • Staying informed about the latest security vulnerabilities and patching software in a timely manner is crucial to reduce the risk of a successful attack.



    A recent security vulnerability has been discovered in the Cisco Unified Contact Center Express (UCCX) software, which could potentially allow attackers to execute commands with root privileges. This critical flaw was identified by security researcher Jahmel Harris and is tracked as CVE-2025-20354.

    The vulnerability is due to improper authentication mechanisms associated with specific Cisco Unified CCX features, allowing unauthenticated attackers to execute arbitrary commands remotely with root permissions. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java Remote Method Invocation (RMI) process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

    This is not the only security flaw discovered in Cisco UCCX software. Yesterday, Cisco also patched a critical security flaw in the Contact Center Express (CCX) Editor application of Cisco UCCX, which allows unauthenticated attackers to remotely bypass authentication and create and execute arbitrary scripts with admin permissions. This can be exploited by tricking the CCX Editor app into believing the authentication process was successful after redirecting the auth flow to a malicious server.

    The vulnerabilities affect Cisco Unified CCX software regardless of device configuration. However, the Cisco Product Security Incident Response Team (PSIRT) has yet to find evidence of publicly available exploit code or that the two critical security flaws have been exploited in the wild.

    In addition to these critical vulnerabilities, four other security flaws in Cisco Contact Center products (CVE-2025-20374, CVE-2025-20375, CVE-2025-20376, and CVE-2025-20377) can be exploited by attackers with high-level privileges to gain root permissions, execute arbitrary commands, access sensitive information, or download arbitrary files.

    These recent security vulnerabilities in Cisco UCCX software highlight the importance of keeping software up-to-date and implementing robust security measures to protect against potential threats. IT administrators are advised to upgrade their Cisco UCCX software to one of the fixed releases listed in the table below as soon as possible.

    Cisco Unified CCX Release    First Fixed Release
    12.5 SU3 and earlier         12.5 SU3 ES07
    15.0                         15.0 ES01
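    As an added example (not code from the article or from Cisco), the following Python check parses UCCX release strings and compares an inventory of installed releases against the first fixed releases in the table above. The relative ordering of SU and ES markers is an assumption, and the host names and releases in the sample inventory are constructed.

```python
import re
from typing import Optional, Tuple

# First fixed releases exactly as given in the advisory table reproduced above.
FIRST_FIXED = {
    "12.5 SU3 and earlier": "12.5 SU3 ES07",
    "15.0": "15.0 ES01",
}

# Accepts "12.5", "12.5 SU3", "12.5 SU3 ES07", "15.0 ES01" (case-insensitive).
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\s+SU(\d+))?(?:\s+ES(\d+))?$", re.I)


def parse_release(text: str) -> Tuple[int, int, int, int]:
    """Turn a UCCX release string into a comparable (major, minor, SU, ES) tuple.

    Assumption: a release without an SU/ES marker sorts below the same base
    release that carries one (12.5 SU3 < 12.5 SU3 ES07, 15.0 < 15.0 ES01)."""
    m = _RELEASE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised UCCX release string: {text!r}")
    major, minor, su, es = m.groups()
    return (int(major), int(minor), int(su or 0), int(es or 0))


def check_uccx(installed: str) -> Tuple[str, Optional[str]]:
    """Classify an installed release against the advisory table.

    Returns ("vulnerable", first_fixed), ("fixed", first_fixed), or
    ("not-in-table", None) for a release train the table does not mention."""
    inst = parse_release(installed)
    if inst[:3] <= (12, 5, 3):          # "12.5 SU3 and earlier", any ES level
        target = FIRST_FIXED["12.5 SU3 and earlier"]
    elif inst[:2] == (15, 0):
        target = FIRST_FIXED["15.0"]
    else:
        return ("not-in-table", None)
    status = "fixed" if inst >= parse_release(target) else "vulnerable"
    return (status, target)


def patch_report(inventory: dict) -> dict:
    """Map host name -> (status, first_fixed) for a {host: release} inventory."""
    return {host: check_uccx(rel) for host, rel in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"uccx-a": "12.5 SU2 ES10", "uccx-b": "12.5 SU3 ES07",
              "uccx-c": "15.0", "uccx-d": "15.0 ES01", "uccx-e": "12.6"}
    for host, (status, target) in patch_report(sample).items():
        print(f"{host}: {status}" + (f" (first fixed: {target})" if target else ""))
```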

    While the vulnerabilities affect Cisco Unified CCX software regardless of device configuration, it is essential to note that the Cisco Product Security Incident Response Team (PSIRT) has not found evidence of publicly available exploit code or that the two critical security flaws have been exploited in the wild.

    However, this does not mean that users should be complacent. It is crucial to remain vigilant and take proactive measures to secure their systems against potential threats. In recent months, Cisco has addressed several other security vulnerabilities in its products, including a Cisco ISE vulnerability that allowed threat actors to run commands as root on vulnerable appliances.

    In September, CISA issued an emergency directive ordering U.S. federal agencies to secure Cisco firewall devices on their networks against two flaws (CVE-2025-20333 and CVE-2025-20362) that have been exploited in zero-day attacks. Days later, the threat monitoring service Shadowserver found over 50,000 Internet-exposed Cisco ASA and FTD firewall appliances that were left unpatched.

    These recent security incidents highlight the need for organizations to prioritize cybersecurity and take proactive measures to protect their systems against potential threats. By staying informed about the latest security vulnerabilities and patching their software in a timely manner, organizations can reduce the risk of a successful attack.

    In conclusion, the discovery of critical security vulnerabilities in Cisco UCCX software serves as a reminder of the importance of cybersecurity and the need for proactive measures to protect systems against potential threats. IT administrators are advised to upgrade their Cisco UCCX software to one of the fixed releases listed above as soon as possible and remain vigilant about the latest security vulnerabilities.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Cisco-UCCX-Flaw-Exposed-A-Critical-Security-Vulnerability-That-Could-Allow-Attackers-to-Run-Commands-as-Root-ehn.shtml

  • Published: Thu Nov 6 14:11:52 2025 by llama3.2 3B Q4_K_M
