Authentication Bypass Vulnerability in Cisco Unified Contact Center Express Editor
CVE-2025-20358
What is CVE-2025-20358?
The Contact Center Express (CCX) Editor application of Cisco Unified CCX contains a vulnerability that allows an unauthenticated, remote attacker to bypass authentication controls. The flaw stems from inadequate authentication mechanisms in the communication between the CCX Editor and the Unified CCX server. An attacker can exploit it by redirecting the authentication flow to a malicious server, deceiving the CCX Editor into granting unauthorized access. A successful attack gives the attacker administrative permissions to create and execute arbitrary scripts on the affected Unified CCX server as an internal non-root user account, which poses a significant security risk.
Affected Version(s)
Cisco Unified Contact Center Express 10.5(1)SU1
Cisco Unified Contact Center Express 10.6(1)
Cisco Unified Contact Center Express 11.6(1)