CVE-2025-20358

Name of the Vulnerable Software and Affected Versions Cisco Unified CCX versions (affected versions not specified)

Description A flaw exists in the Contact Center Express (CCX) Editor application that could allow a remote attacker to circumvent authentication and gain administrative privileges related to script creation and execution. This is caused by inadequate authentication processes during communication between the CCX Editor and a Unified CCX server. An attacker could redirect the authentication process to a malicious server, deceiving the CCX Editor into accepting a fraudulent authentication. Successful exploitation could enable the attacker to create and execute arbitrary scripts on the operating system of the affected Unified CCX server, operating as an internal, non-root user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.