
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME).
The vulnerability, tracked as CVE-2025-20309, carries a CVSS score of 10.0.
“This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development,” Cisco said in an advisory released Wednesday.
“An attacker could exploit this vulnerability by logging in to an affected system using the account. A successful exploit could allow the attacker to log in to the affected system and run arbitrary commands as the root user.”
Such hardcoded credentials typically originate from testing or quick fixes during development and should never make it into a production system. In a product such as Unified CM, which handles voice calls and communications across a company, root access lets an attacker move deeper into the network, intercept calls, and alter how users authenticate.

The networking equipment major said it had found no evidence that the flaw had been exploited in the wild, and that it was discovered during internal security testing.
CVE-2025-20309 affects Unified CM and Unified CM SME Engineering Special (ES) releases 15.0.1.13010-1 through 15.0.1.13017-1, regardless of device configuration.
Cisco has also published indicators of compromise (IoCs) for the flaw: successful exploitation results in a log entry for the root user in /var/log/active/syslog/secure. The log can be retrieved by running the following command from the command-line interface:
cucm1# file get activelog syslog/secure
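Once the secure log has been pulled off the node, the triage step is to look for any successful root authentication in it. The following Python script is an added example written for this article; it is not Cisco's code and not part of the advisory. It assumes the retrieved file uses the usual Linux sshd/PAM secure-log line format, and the sample log lines embedded in it are constructed, not captured from a real system.

```python
import re

# Constructed sample of a retrieved "syslog/secure" file. The line format is an
# assumption (RHEL-style sshd/PAM entries); it is not real data from any system.
SAMPLE_SECURE_LOG = """\
Jul  2 09:58:11 cucm1 sshd[21144]: Accepted password for administrator from 10.10.5.20 port 50122 ssh2
Jul  2 09:58:11 cucm1 sshd[21144]: pam_unix(sshd:session): session opened for user administrator by (uid=0)
Jul  2 10:15:03 cucm1 sshd[21390]: Accepted password for root from 203.0.113.77 port 41877 ssh2
Jul  2 10:15:03 cucm1 sshd[21390]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul  2 10:15:07 cucm1 sshd[21390]: pam_unix(sshd:session): session closed for user root
Jul  2 11:02:40 cucm1 sshd[21702]: Failed password for root from 198.51.100.9 port 38210 ssh2
"""

# Common syslog prefix: timestamp, host, process name and PID (assumed format).
_PREFIX = (r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
           r"(?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: ")

# sshd success line: "Accepted <method> for <user> from <ip> port <port>".
ACCEPTED_RE = re.compile(
    _PREFIX + r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")
# PAM session open; also fires for non-sshd logins such as console access.
SESSION_RE = re.compile(
    _PREFIX + r"pam_unix\(\w+:session\): session opened for user (?P<user>\S+)")


def find_root_logins(log_text, user="root"):
    """Return every successful login event for `user` found in a secure log.

    Each event is a dict with timestamp, host and kind ("accepted" or
    "session_opened"); sshd acceptances also carry source IP, port and method.
    Failed attempts and session-close lines are deliberately ignored.
    """
    events = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.match(line)
        if m and m.group("user") == user:
            events.append({
                "ts": m.group("ts"), "host": m.group("host"), "kind": "accepted",
                "method": m.group("method"), "src": m.group("src"),
                "port": int(m.group("port")),
            })
            continue
        m = SESSION_RE.match(line)
        if m and m.group("user") == user:
            events.append({"ts": m.group("ts"), "host": m.group("host"),
                           "kind": "session_opened", "proc": m.group("proc")})
    return events


def source_addresses(events):
    """Distinct remote addresses that obtained a root login, for blocking and hunting."""
    return sorted({e["src"] for e in events if e["kind"] == "accepted"})


def has_indicator(log_text):
    """True if the log contains at least one successful root login."""
    return bool(find_root_logins(log_text))


if __name__ == "__main__":
    import sys
    # Pass the path of the file retrieved with "file get activelog syslog/secure";
    # with no argument the constructed sample is scanned.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SECURE_LOG
    for event in find_root_logins(text):
        print(event)
    print("root login indicator present:", has_indicator(text))
```

Run it against the file obtained from the CLI command above. Any successful root login on a Unified CM node should be treated as an indicator and investigated, since the root account is reserved for development rather than customer administration; the source addresses the script extracts are the natural pivot for firewall and flow-log searches. Failed password attempts are listed separately on purpose: they show that someone is probing for the account but do not by themselves indicate compromise.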
The disclosure comes days after Cisco patched two security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), tracked as CVE-2025-20281 and CVE-2025-20282.