
Cisco Patches Critical Vulnerabilities in Contact Center Appliance

The flaws allow attackers to execute arbitrary code remotely and elevate their privileges to root on an affected system.


Cisco on Wednesday announced patches for nearly a dozen vulnerabilities, including two critical flaws leading to remote code execution.

The critical bugs, tracked as CVE-2025-20354 (CVSS score of 9.8) and CVE-2025-20358 (CVSS score of 9.4), impact the Cisco Unified Contact Center Express (Unified CCX) appliance.

The first issue was discovered in the Java Remote Method Invocation (RMI) process and could be exploited remotely, without authentication, to upload arbitrary files and execute arbitrary commands with root privileges.

Improper authentication mechanisms associated with specific Unified CCX functions enable attackers to abuse the Java RMI process to upload a crafted file, allowing them to execute commands on the underlying operating system.

The second defect was discovered in Unified CCX’s Editor application and could be exploited remotely to bypass authentication and elevate privileges to those of an administrator.

Because the communication between the CCX Editor and the Unified CCX server uses improper authentication mechanisms, an attacker could redirect the flow to a malicious server that impersonates Unified CCX, tricking the CCX Editor into believing that authentication succeeded.


“A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account,” Cisco explains in its advisory.

The flaws were resolved with the release of Unified CCX versions 12.5 SU3 ES07 and 15.0 ES01.

On Wednesday, Cisco also released patches for CVE-2025-20343, a high-severity denial-of-service (DoS) vulnerability in Identity Services Engine (ISE) that can be exploited remotely, without authentication.

A logic error in the processing of a RADIUS access request for a MAC address that had been previously rejected can be exploited by sending multiple crafted requests that would cause ISE to restart unexpectedly.

Cisco also patched eight medium-severity flaws this week: four in ISE and ISE Passive Identity Connector (ISE-PIC) that could lead to information disclosure or XSS attacks, and four in Unified CCX, Unified CCE, Packaged CCE, and CUIC that could lead to information disclosure, file exfiltration, command execution, and elevation of privilege to root.

The company says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on Cisco’s security advisories page.

On Wednesday, Cisco also updated the advisories for two exploited vulnerabilities in Secure ASA and FTD software, CVE-2025-20333 and CVE-2025-20362, to warn of a new attack variant targeting them.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
