Cisco Unified Contact Center Express Editor
cpe:2.3:a:cisco:unified_ccx_editor:*:*:*:*:*:*:*
A remote code execution vulnerability exists in Cisco Unified Contact Center Express (Unified CCX) Editor due to insecure deserialization of Java objects. An unauthenticated attacker could exploit this vulnerability by convincing an authenticated, local user to open a specially crafted .aef file. If successful, the attacker could execute arbitrary code on the host running the editor application, using the privileges of the user who launched it.
Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the affected device, with the same privileges as the user who opened the malicious .aef file.
Users are advised to upgrade to Cisco Unified CCX version 15.0(1) or later. For releases earlier than 15.0, migrate to a fixed release. Consult the Cisco Security Advisories page for guidance on software upgrades.
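Until hosts are upgraded, one triage step for .aef files received from outside the team is to list the Java classes the file declares for deserialization and compare them with what known-good scripts contain. The following is an added example, not Cisco's code and not part of the advisory; it assumes the .aef content carries an uncompressed Java serialization stream, and the allow-list prefixes and sample class names are hypothetical.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization header: magic 0xACED, version 5
TC_CLASSDESC = 0x72                 # type code that introduces a class descriptor
NAME_RE = re.compile(rb"[\[A-Za-z_$][\w.$;\[]*")

# Hypothetical allow-list: replace with prefixes observed in your own known-good scripts.
EXPECTED_PREFIXES = ("java.lang.", "java.util.", "com.example.ccx.")


def class_names(data: bytes) -> list:
    """Heuristically list class names declared after a Java serialization header."""
    names = []
    start = data.find(STREAM_MAGIC)
    if start < 0:
        return names
    i = start + len(STREAM_MAGIC)
    while i + 3 <= len(data):
        if data[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", data, i + 1)
            raw = data[i + 3:i + 3 + n]
            # Descriptor layout: UTF name, then an 8-byte serialVersionUID.
            if len(raw) == n and i + 3 + n + 8 <= len(data) and NAME_RE.fullmatch(raw):
                names.append(raw.decode("ascii"))
                i += 3 + n + 8
                continue
        i += 1
    return names


def unexpected_classes(data: bytes) -> list:
    """Return declared classes outside the allow-list, ignoring primitive arrays."""
    flagged = set()
    for name in class_names(data):
        element = re.sub(r"^\[+L?|;$", "", name)  # "[Ljava.lang.String;" -> "java.lang.String"
        if len(element) > 1 and not element.startswith(EXPECTED_PREFIXES):
            flagged.add(name)
    return sorted(flagged)


def sample(name: str) -> bytes:
    """Constructed test input: header plus one empty object of class `name`."""
    desc = struct.pack(">BH", TC_CLASSDESC, len(name)) + name.encode() + bytes(8)
    return STREAM_MAGIC + b"\x73" + desc + b"\x02\x00\x00\x78\x70"


if __name__ == "__main__":
    print(unexpected_classes(sample("org.example.untrusted.Gadget")))
```

An empty result only means no unfamiliar class was declared; allow-listed classes can still be misused, so this narrows what to inspect and does not replace the upgrade.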