CVE-2025-20358 — Missing Authentication for Critical Function in Cisco Unified Contact Center Express
Severity
9.8 CRITICAL (NVD)
9.4 (CNA)
EPSS
0.4%
top 39.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 5
Description
A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution.
This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server. An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server a…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9