Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to root. The good news is that there is currently no evidence of the vulnerabilities being leveraged by attackers. However, updating to a fixed version is advised, as there are no workarounds for addressing them. CVE-2025-20358 and CVE-2025-20354 fixed, along with other flaws Cisco UCCX is a contact-center … More
The post Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) appeared first on Help Net Security.
