Cisco warns of critical flaw in Unified Communications Manager - so you better patch now
Briefly

Cisco announced patches for a critical security flaw in Unified Communications Manager and Unified Communications Manager Session Management Edition, carrying a CVSS score of 10.0. The vulnerability allows attackers to log in to a root account that has static, unchangeable credentials. Affected versions are the Engineering Special releases 15.0.1.13010-1 through 15.0.1.13017-1. There are no workarounds; users must upgrade to version 15SU3 or apply a specific patch. Cisco says it is not aware of any exploitation of the flaw in the wild.
Cisco has released patches for a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, CVE-2025-20309, carries a CVSS score of 10.0, allowing an attacker to log in using the root account with static credentials that cannot be changed. Cisco advises users to upgrade to the latest version or apply the CSCwp27755 patch as there are no workarounds.
An attacker could exploit this vulnerability by using the account to log in to an affected system and execute arbitrary commands as the root user. The vulnerability affects Cisco Unified CM and Unified CM SME Engineering Special releases 15.0.1.13010-1 through 15.0.1.13017-1, regardless of device configuration.
The indicator of compromise is a log entry in /var/log/active/syslog/secure showing a login for the root user with root permissions; logging to this file is enabled by default. Administrators can retrieve the log from the Unified CM command line with the command file get activelog syslog/secure (the advisory shows it at the cucm1# prompt).
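Once the secure log has been pulled off the appliance, the practical check is to scan it for successful root authentications rather than eyeballing it. The script below is an added example and not from Cisco or the IT Pro article; it assumes the file uses the standard Linux sshd/PAM syslog wording ("Accepted ... for root from ...", "session opened for user root"), since the advisory does not quote the exact entry, and the sample log lines are constructed for the demonstration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Messages that record a successful root login in a /var/log/secure-style file.
# Assumption: CUCM's /var/log/active/syslog/secure uses the usual sshd and PAM
# wording; the advisory only says a root entry appears there, not its format.
ROOT_LOGIN_PATTERNS = [
    re.compile(r"Accepted (?P<method>\w+) for root from (?P<src>\S+)"),
    re.compile(r"session opened for user root\b(?: by (?P<by>\S+))?"),
]

# Standard syslog prefix: "Jul  2 10:15:01 cucm1 sshd[2487]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)


@dataclass
class RootLoginEvent:
    timestamp: str
    host: str
    process: str
    source: Optional[str]  # remote address when the message carries one
    message: str


def find_root_logins(log_text: str) -> list[RootLoginEvent]:
    """Return every line that records a successful root login.

    Failed attempts are deliberately ignored: the indicator in the advisory is
    a root login that succeeded, and failures against root are routine noise.
    """
    events: list[RootLoginEvent] = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # skip continuation lines or anything not syslog-shaped
        msg = m.group("msg")
        for pattern in ROOT_LOGIN_PATTERNS:
            hit = pattern.search(msg)
            if hit:
                events.append(
                    RootLoginEvent(
                        timestamp=m.group("ts"),
                        host=m.group("host"),
                        process=m.group("proc").strip(),
                        source=hit.groupdict().get("src"),
                        message=msg,
                    )
                )
                break
    return events


def remote_root_sources(events: list[RootLoginEvent]) -> set[str]:
    """Distinct remote addresses that obtained a root session."""
    return {e.source for e in events if e.source}


# Constructed sample of a retrieved secure log: one legitimate admin login,
# one root login from an outside address, then a failed root attempt.
SAMPLE_SECURE_LOG = """\
Jul  2 09:58:12 cucm1 sshd[2231]: Accepted password for admin from 10.0.0.5 port 51122 ssh2
Jul  2 09:58:12 cucm1 sshd[2231]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jul  2 10:15:01 cucm1 sshd[2487]: Accepted password for root from 203.0.113.17 port 40211 ssh2
Jul  2 10:15:01 cucm1 sshd[2487]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul  2 10:20:44 cucm1 sshd[2512]: Failed password for root from 203.0.113.17 port 40300 ssh2
"""

if __name__ == "__main__":
    hits = find_root_logins(SAMPLE_SECURE_LOG)
    for e in hits:
        print(f"{e.timestamp} {e.host} {e.process}: {e.message}")
    print("remote sources with a root session:", remote_root_sources(hits) or "none")
```

Any hit is worth treating as an incident until explained: the root account on these releases is not meant to be used at all, so a successful root login on an affected ES build is the compromise signal the advisory describes, not a configuration problem to tidy up later.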
Customers with service contracts can receive updates through usual channels; those without should contact Cisco TAC for assistance. Cisco believes the vulnerability has not been exploited in the wild.
Read at IT Pro