Cisco security patch release for CVE-2025-20354
Security Patch Release
Summary
Hide ▲
Show ▼
Cisco released security updates for UCCX and related products, closing a critical root-command execution flaw and other vulnerabilities that could let attackers gain admin or root control on affected systems. The release covers CVE-2025-20354, a CCX Editor authentication-bypass issue, and additional Cisco ISE and contact-center flaws. Cisco told administrators to move to the listed fixed releases as soon as possible.
Related Happenings
Cisco security patch release for CVE-2026-20245
Security Patch Release
H score38
First: 25.06.2026 00:29
Last: 25.06.2026 00:29
Sources 1
About this happening:
Cisco released **security updates** for **Cisco Catalyst SD-WAN** after **CVE-2026-20245** was linked to root-level command execution, and customers were told to move to fixed sof...
Cisco security patch release for CVE-2026-20245
Security Patch ReleaseAbout this happening: Cisco released **security updates** for **Cisco Catalyst SD-WAN** after **CVE-2026-20245** was linked to root-level command execution, and customers were told to move to fixed sof...
Cisco security patch release for CVE-2026-20262
Security Patch Release
H score47
First: 15.06.2026 20:12
Last: 15.06.2026 20:12
Sources 1
About this happening:
**Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
Cisco security patch release for CVE-2026-20262
Security Patch ReleaseAbout this happening: **Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
Cisco Unified Communications Manager security update for CVE-2026-20230
Security Patch Release
H score56
First: 04.06.2026 14:09
Last: 04.06.2026 14:09
Sources 1
About this happening:
Cisco released **security updates** for **Cisco Unified Communications Manager (Unified CM)** to fix **CVE-2026-20230**, a **critical** flaw that could let a remote attacker reach...
Cisco Unified Communications Manager security update for CVE-2026-20230
Security Patch ReleaseAbout this happening: Cisco released **security updates** for **Cisco Unified Communications Manager (Unified CM)** to fix **CVE-2026-20230**, a **critical** flaw that could let a remote attacker reach...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch Release
H score55
First: 22.05.2026 08:36
Last: 22.05.2026 08:36
Sources 1
About this happening:
Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch ReleaseAbout this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco ThousandEyes and Nexus security patches
Security Patch Release
H score31
First: 21.05.2026 15:04
Last: 21.05.2026 15:04
Sources 1
About this happening:
Cisco released patches for **three medium-severity vulnerabilities** affecting **ThousandEyes Virtual Appliance**, **ThousandEyes Enterprise Agent**, and **Nexus 3000/9000 switche...
Cisco ThousandEyes and Nexus security patches
Security Patch ReleaseAbout this happening: Cisco released patches for **three medium-severity vulnerabilities** affecting **ThousandEyes Virtual Appliance**, **ThousandEyes Enterprise Agent**, and **Nexus 3000/9000 switche...
Timeline
-
06.11.2025 15:31 2 articles · 8mo ago
Cisco patches critical UCCX CVE-2025-20354
Mitigation Patch UpdateCisco released security updates for Cisco Unified Contact Center Express (UCCX) to fix CVE-2025-20354, a critical Java Remote Method Invocation (RMI) flaw that could let unauthenticated attackers upload a crafted file, execute arbitrary commands, and elevate privileges to root on affected systems; Cisco advised administrators to upgrade to the fixed releases and said PSIRT had found no evidence of public exploit code or in-the-wild exploitation.
Show sources
- Critical Cisco UCCX flaw lets attackers run commands as root — www.bleepingcomputer.com — 06.11.2025 15:31
- Critical Cisco UCCX flaw lets attackers run commands as root — www.bleepingcomputer.com — 06.11.2025 15:31
-
06.11.2025 15:31 1 articles · 8mo ago
Cisco patches CCX Editor authentication bypass
Mitigation Patch UpdateCisco patched a critical security flaw in the Contact Center Express (CCX) Editor application of Cisco UCCX that could let unauthenticated attackers bypass authentication, redirect the auth flow to a malicious server, and create and execute arbitrary scripts with admin permissions; Cisco also directed administrators to move to the fixed UCCX releases.
Show sources
- Critical Cisco UCCX flaw lets attackers run commands as root — www.bleepingcomputer.com — 06.11.2025 15:31