#cve-2025-20309

#cve-2025-20309

Cisco has released patches for a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, CVE-2025-20309, carries a CVSS score of 10.0, allowing an attacker to log in using the root account with static credentials that cannot be changed. Cisco advises users to upgrade to the latest version or apply the CSCwp27755 patch as there are no workarounds.