CVE-2025-20358
Published: 05 November 2025
Description
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries (MITRE ATT&CK T1059, Command and Scripting Interpreter).
Security Summary
CVE-2025-20358 is a high-severity vulnerability (CVSS 9.4) in the Contact Center Express (CCX) Editor application of Cisco Unified Contact Center Express (Unified CCX). It stems from improper authentication in the communication between the CCX Editor and an affected Unified CCX server. The flaw, classified under CWE-306 (Missing Authentication for Critical Function), enables an unauthenticated, remote attacker to bypass authentication entirely and obtain administrative permissions related to script creation and execution on the server.
An attacker can exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into accepting that flow as successful. No privileges, user interaction, or special access are required (AV:N/AC:L/PR:N/UI:N), so exploitation is possible over the network with low complexity. Successful exploitation allows the attacker to create and execute arbitrary scripts on the underlying operating system of the affected Unified CCX server; the scripts run under an internal non-root user account. The impact is rated high for confidentiality and integrity, with limited availability disruption (C:H/I:H/A:L).
Cisco has published a security advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ providing details on the vulnerability, affected versions, and recommended mitigation steps.
Details
CWE(s): CWE-306 (Missing Authentication for Critical Function)
Affected Products: Cisco Unified Contact Center Express (Unified CCX), CCX Editor application; see the Cisco advisory for the affected and fixed versions.
MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application), T1210 (Exploitation of Remote Services), T1059 (Command and Scripting Interpreter)
Why these techniques?
The vulnerability enables unauthenticated remote exploitation of a network-accessible Cisco Unified CCX server (T1190, T1210), granting administrative permissions to create and execute arbitrary scripts on the server's operating system (T1059).