Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Cisco security patch release for CVE-2025-20354

Security Patch Release
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Cisco released security updates for UCCX and related products, closing a critical root-command execution flaw and other vulnerabilities that could let attackers gain admin or root control on affected systems. The release covers CVE-2025-20354, a CCX Editor authentication-bypass issue, and additional Cisco ISE and contact-center flaws. Cisco told administrators to move to the listed fixed releases as soon as possible.

Related Happenings

Cisco Secure Workload REST API patch release (CVE-2026-20223)

Security Patch Release
First: 22.05.2026 08:36 Last: 22.05.2026 08:36 Sources 1

About this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...

Open Happening

Cisco ThousandEyes and Nexus security patches

Security Patch Release
First: 21.05.2026 15:04 Last: 21.05.2026 15:04 Sources 1

About this happening: Cisco released patches for **three medium-severity vulnerabilities** affecting **ThousandEyes Virtual Appliance**, **ThousandEyes Enterprise Agent**, and **Nexus 3000/9000 switche...

Open Happening

Cisco security patch release for CVE-2026-20182

Security Patch Release
First: 14.05.2026 20:45 Last: 14.05.2026 20:45 Sources 1

About this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...

Open Happening

Cisco security patch release for CVE-2026-20184

Security Patch Release
First: 16.04.2026 14:27 Last: 16.04.2026 14:27 Sources 1

About this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...

Open Happening

TP-Link security patch release for CVE-2025-15517

Security Patch Release
First: 25.03.2026 13:11 Last: 25.03.2026 13:11 Sources 1

About this happening: **TP-Link** released **security updates** for its **Archer NX** router series to close a critical authentication-bypass flaw that could let attackers upload firmware without loggi...

Open Happening

Timeline

  1. 06.11.2025 15:31 2 articles · 6mo ago

    Cisco patches critical UCCX CVE-2025-20354

    Mitigation Patch Update

    Cisco released security updates for Cisco Unified Contact Center Express (UCCX) to fix CVE-2025-20354, a critical Java Remote Method Invocation (RMI) flaw that could let unauthenticated attackers upload a crafted file, execute arbitrary commands, and elevate privileges to root on affected systems; Cisco advised administrators to upgrade to the fixed releases and said PSIRT had found no evidence of public exploit code or in-the-wild exploitation.

    Show sources
    Open in new tab
  2. 06.11.2025 15:31 1 articles · 6mo ago

    Cisco patches CCX Editor authentication bypass

    Mitigation Patch Update

    Cisco patched a critical security flaw in the Contact Center Express (CCX) Editor application of Cisco UCCX that could let unauthenticated attackers bypass authentication, redirect the auth flow to a malicious server, and create and execute arbitrary scripts with admin permissions; Cisco also directed administrators to move to the fixed UCCX releases.

    Show sources
    Open in new tab