CVE-2025-20354
Published: 05 November 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-20354 is a critical vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX, arising from improper authentication mechanisms associated with specific features. Published on 2025-11-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The flaw allows an unauthenticated, remote attacker to upload arbitrary files to an affected system.
An unauthenticated, remote attacker can exploit the vulnerability by uploading a crafted file through the Java RMI process. Successful exploitation enables the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.
The Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ provides details on affected versions and recommended mitigations.
Details
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
- Affected Products: Cisco Unified CCX (affected versions are listed in the Cisco Security Advisory linked above)
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
- T1068 Exploitation for Privilege Escalation
Why these techniques?
Unauthenticated remote exploitation of a public-facing Java RMI service for arbitrary file upload, leading to OS command execution, maps to T1190; the resulting elevation to root on the underlying operating system is exploitation for privilege escalation, T1068.