CyberSecurity news


@sec.cloudapps.cisco.com //
Cisco is urging immediate action following the discovery of a critical vulnerability, CVE-2025-20309, in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The flaw stems from hardcoded SSH root credentials that cannot be modified or removed, potentially allowing remote attackers to gain root-level access to affected systems. This vulnerability has a maximum severity rating with a CVSS score of 10.0, indicating it can be easily exploited with devastating consequences.

Cisco's security advisory specifies that all Engineering Special (ES) releases from 15.0.1.13010-1 through 15.0.1.13017-1 are vulnerable, regardless of optional features in use. An unauthenticated remote attacker can exploit this vulnerability by utilizing the static root account credentials to establish SSH connections to vulnerable systems. Once authenticated, the attacker gains complete administrative control over the affected device, enabling the execution of arbitrary commands with root privileges.

There are no temporary workarounds to mitigate this risk. To remediate the vulnerability, administrators are advised to upgrade to version 15SU3 or apply the CSCwp27755 patch. Although Cisco discovered the flaw through internal testing and has not found evidence of active exploitation in the wild, the extreme severity necessitates immediate action to safeguard enterprise communications. The company has issued emergency fixes for the critical root credential flaw in Unified CM.
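An added example, not code from Cisco's advisory or the original article: a Python triage helper that flags inventory entries whose build falls inside the affected ES range quoted above and lists successful root SSH logins recorded for those hosts. Host names, sample builds and log lines are constructed. The numeric ordering of build strings and the standard OpenSSH "Accepted ... for root" log line are assumptions.

```python
import re

# Affected Engineering Special range, as stated in the article above.
AFFECTED_LOW = (15, 0, 1, 13010, 1)
AFFECTED_HIGH = (15, 0, 1, 13017, 1)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)$")
# Assumption: the host's sshd writes the standard OpenSSH success line.
ROOT_LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for root from (\S+) port \d+")


def parse_version(text):
    """Return a comparable 5-tuple, or None if this is not a full build string."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version_text):
    """True/False for a parsable build; None when the build cannot be judged."""
    v = parse_version(version_text)
    return None if v is None else AFFECTED_LOW <= v <= AFFECTED_HIGH


def root_ssh_logins(log_lines):
    """Return (auth_method, source_address) for each successful root SSH login."""
    return [m.groups() for m in map(ROOT_LOGIN_RE.search, log_lines) if m]


def triage(inventory, logs_by_host):
    """Map host -> (affected, root_logins) for affected or unparsable builds."""
    report = {}
    for host, version in inventory.items():
        affected = is_affected(version)
        if affected is not False:  # unknown builds are kept for manual review
            report[host] = (affected, root_ssh_logins(logs_by_host.get(host, [])))
    return report


# Constructed sample data (hypothetical hosts, documentation-range addresses).
INVENTORY = {
    "cucm-pub": "15.0.1.13012-1",
    "cucm-sub1": "14.0.1.10000-20",
    "cucm-lab": "15SU3",
}
LOGS = {"cucm-pub": [
    "Jul  3 02:14:01 cucm-pub sshd[4120]: Failed password for root from 198.51.100.7 port 51540 ssh2",
    "Jul  3 02:14:07 cucm-pub sshd[4121]: Accepted password for root from 198.51.100.7 port 51544 ssh2",
    "Jul  3 09:30:12 cucm-pub sshd[5210]: Accepted password for admin from 192.0.2.10 port 40022 ssh2",
]}

if __name__ == "__main__":
    print(triage(INVENTORY, LOGS))
```

A host reported with `None` has a version string the parser could not compare, so it needs a manual check against the advisory instead of being treated as safe.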


Classification:
  • HashTags: #Cisco #Vulnerability #UnifiedCM
  • Company: Cisco
  • Target: Cisco Unified CM
  • Product: Unified CM
  • Feature: Hardcoded Credentials
  • Malware: CVE-2025-20309
  • Type: Vulnerability
  • Severity: Disaster