Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Cisco Unified CCX unauthenticated root RCE (CVE-2025-20354)

Vulnerability
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

Cisco patched CVE-2025-20354 in Cisco Unified CCX, a flaw in the Java RMI process that lets unauthenticated attackers execute commands as root on affected systems. The weakness affects a contact center platform used to manage customer interactions, raising the risk of full operating-system compromise. Cisco says it has issued fixed releases and that there is no evidence of public exploit code or in-the-wild use so far.

Related Happenings

CISA urgent mitigation order for Cisco FMC CVE-2026-20131

Advisory/Mitigation
First: 23.03.2026 12:30 Last: 23.03.2026 12:30 Sources 1

About this happening: **CISA** ordered **federal civilian agencies** to patch **CVE-2026-20131** in **Cisco Secure Firewall Management Center (FMC)** within **three days** or discontinue use if mitigat...

Open Happening

Cisco Catalyst SD-WAN active exploitation wave

Exploitation Wave
First: 05.03.2026 14:15 Last: 05.03.2026 14:15 Sources 1

About this happening: **Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...

Open Happening

Cisco IOS XE BadCandy exploitation wave

Exploitation Wave
First: 31.10.2025 17:38 Last: 31.10.2025 17:38 Sources 1

About this happening: Ongoing **BadCandy** exploitation of **unpatched Cisco IOS XE devices** in **Australia** has left **over 150 devices** compromised and enabled repeat re-infection on previously al...

Open Happening

Cisco network-device rootkit campaign

Campaign
First: 16.10.2025 18:00 Last: 16.10.2025 18:00 Sources 1

About this happening: A **Cisco** network-device **rootkit campaign** is exploiting **CVE-2025-20352** and a modified **CVE-2017-3881** Telnet flaw to gain persistent, unauthorized access on exposed de...

Open Happening

Operation Zero Disco Cisco IOS/IOS XE rootkit campaign

Campaign
First: 16.10.2025 14:38 Last: 16.10.2025 14:38 Sources 1

About this happening: A **new campaign** dubbed **Operation Zero Disco** exploited **CVE-2025-20352** against **Cisco IOS Software** and **IOS XE Software**, enabling **Linux rootkits** and persistent...

Open Happening

Timeline

  1. 06.11.2025 15:31 2 articles · 6mo ago

    Cisco patches CVE-2025-20354 in Cisco Unified CCX

    Initial Disclosure

    Cisco released security updates for Cisco Unified CCX to address CVE-2025-20354, a critical flaw in the Java RMI process that lets unauthenticated attackers upload a crafted file, execute arbitrary commands on the underlying operating system, and elevate privileges to root. Cisco said fixed releases are available for 12.5 SU3 and earlier as 12.5 SU3 ES07, and for 15.0 as 15.0 ES01, while Cisco PSIRT has not found evidence of public exploit code or in-the-wild exploitation.

    Show sources
    Open in new tab