Full Report
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco is a leading technology company best known for its networking hardware and software, such as routers and switches, that form the backbone of the internet and enterprise networks. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution as root, which may lead to the complete compromise of the affected device.
Analysis Summary
# Vulnerability: Multiple Critical Flaws in Cisco Unified Contact Center Express (UCCX) Leading to RCE
## CVE Details
- CVE ID: CVE-2025-20354, CVE-2025-20358 (Details provided for both, severity scores not explicitly given for both but the overall advisory indicates RCE as root is possible)
- CVSS Score: Not explicitly provided in the summary, but exploitation leads to **Remote Code Execution as root** (Critical impact).
- CWE: Improper Authentication (Implied for both)
## Affected Systems
- Products: Cisco Unified Contact Center Express (UCCX)
- Versions: Versions 12.5 SU3 and