
Cisco Unified CCX is a contact center solution for midsize businesses with up to 400 agents. It performs automated call routing and interactive voice response, and it enables agents to interact with customers across multiple channels, including voice, web chat, email, and social media, through a unified desktop client.
Authentication bypass and remote code execution
One of the flaws, tracked as CVE-2025-20354, is located in the Editor application and allows a remote attacker to bypass authentication and obtain the ability to create and execute scripts with administrative privileges. This vulnerability received a CVSS rating of 9.4 out of 10.
“This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server,” the company said in its advisory. “An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful.”
