Cisco has released security updates for a critical vulnerability in Unified Communications Manager, which could allow attackers to gain root access using hardcoded credentials. The flaw, CVE-2025-20309, poses significant risks to network communication systems, but has not been exploited in the wild. #CVE-2025-20309 #UnifiedCM #rootaccess
Keypoints
- Cisco addressed a maximum-severity vulnerability affecting Unified CM and Unified CM SME.
- The flaw is due to static, hardcoded root credentials present during development.
- Successful exploitation allows attackers to execute arbitrary commands as root.
- The vulnerability impacts versions 15.0.1.13010-1 through 15.0.1.13017-1 of the affected systems.
- Cisco provided indicators of compromise and stated no evidence of active exploitation has been found.
Read More: https://thehackernews.com/2025/07/critical-cisco-vulnerability-in-unified.html