Cisco has released patches for a critical vulnerability in its Unified CM software that allows attackers to gain root access using static, unchangeable root credentials. The issue affects multiple versions and can be exploited to execute arbitrary commands, though it has not yet been exploited in the wild. #CVE2025-20309 #UnifiedCM #RootAccountVulnerability
Key points
- Cisco identified a critical vulnerability (CVE-2025-20309) in its Unified CM software with a CVSS score of 10/10.
- The flaw is caused by static root credentials hardcoded during development that cannot be changed.
- Attackers could use this vulnerability to log in as root and execute arbitrary commands.
- Patches will be included in the upcoming Unified CM release 15SU3, expected later this month.
- No evidence indicates the vulnerability has been exploited in real-world attacks so far.
Read More: https://www.securityweek.com/cisco-warns-of-hardcoded-credentials-in-enterprise-software/