It really seems that UCCX 12.5 doesn't use ECDSA certificates, but I have seen cases where, even if CCX doesn't use an ECDS, you need to regenerate it after an upgrade (self-signed  ECDS cert is sufficient). eg:https://bst.cloudapps.cisco.com/bugsear...

Hello, have you checked if the router didn't activate the "VFR Detection of Fragment Attacks" feature? Check if there are events with signatures "P_VFR-4-FRAG_*" in the logs or check statistics "show ip virtual-reassembly ethernet1".In a similar case...