Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
03 July 2025
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.
The vulnerability, tracked as CVE-2025-20309, carries a CVSS score