Cisco Unified CCX is a contact center solution for midsize companies with up to 400 agents. It performs automated call routing and interactive voice response, and it lets agents interact with customers through multiple channels, including voice, web chat, email, and social media, via a unified desktop client.
Authentication bypass and remote code execution
One of the flaws, tracked as CVE-2025-20354, is located in the Editor application and allows a remote attacker to bypass authentication and gain the ability to create and execute scripts with administrative privileges. This vulnerability received a CVSS score of 9.4 out of 10.
“This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server,” the company said in its advisory. “An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful.”



