Unauthenticated Remote Access Vulnerability in Cisco Unified Communications Manager
CVE-2025-20309
Key Information:
- Vendor: Cisco
- CVE Published: 2 July 2025
What is CVE-2025-20309?
CVE-2025-20309 is a critical vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), the call-control platforms that handle voice and video communications in many enterprise environments. The flaw is a set of static credentials for the root account that were left in place from development. Because they are hard-coded, an administrator cannot change or remove them, and an unauthenticated remote attacker who knows them can log in over SSH as root. Successful exploitation lets the attacker run arbitrary commands as root, compromising the confidentiality, integrity and availability of the entire call-control system. The consequences therefore go well beyond unauthorized access: an attacker with root on Unified CM controls a core piece of the organization's communications infrastructure.
Potential Impact of CVE-2025-20309
- Unauthorized System Access: An unauthenticated remote attacker can log in to an affected device with the static root credentials, bypassing every access control the platform would otherwise enforce.
- Arbitrary Command Execution: Once logged in, the attacker runs commands as root, which can disrupt call processing, alter or exfiltrate configuration and call data, or render the system unusable.
- Heightened Risk of Ransomware and Malware: Root access to a core communications server is a convenient foothold for follow-on attacks, including ransomware that encrypts critical systems or data until a ransom is paid. Beyond the immediate outage, organizations face the long-term cost of data loss and recovery.
Affected Version(s)
Cisco Unified Communications Manager 15.0.1.13010-1
Cisco Unified Communications Manager 15.0.1.13011-1
Cisco Unified Communications Manager 15.0.1.13012-1
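Two checks a Unified CM operator wants after reading the above: is the installed build one of the listed affected releases, and has anyone already logged in as root over SSH. The following is an added example written for this page, not Cisco's own code or tooling. It assumes the affected-build list exactly as printed on this page (Cisco's advisory may enumerate additional Engineering Special builds), and it assumes the SSH daemon on the appliance writes standard OpenSSH-style "Accepted ... for root" lines into the secure log that Cisco's advisory directs operators to review (/var/log/active/syslog/secure, retrievable from the platform CLI with `file get activelog syslog/secure`). The sample log lines below are constructed for the example and are not real data; the exact log layout on a given appliance may differ, so treat the regular expression as a starting point.

```python
"""Triage helpers for CVE-2025-20309 (added example; not Cisco's code)."""
import re

# Affected Unified CM builds as listed on this page. Assumption: this list is
# complete for the environment being checked; Cisco's advisory may list more.
AFFECTED_BUILDS = {
    "15.0.1.13010-1",
    "15.0.1.13011-1",
    "15.0.1.13012-1",
}


def is_affected_build(version: str) -> bool:
    """Return True if the reported Unified CM build is one of the listed affected builds.

    The version string is expected in the form Cisco prints it, e.g. "15.0.1.13011-1".
    """
    return version.strip() in AFFECTED_BUILDS


# Assumed OpenSSH-style syslog line, e.g.
#   Jul  2 08:15:12 cucm-pub sshd[21401]: Accepted password for root from 203.0.113.7 port 40012 ssh2
# A successful root login produces an "Accepted" line for user "root"; failed
# attempts ("Failed password ...") and PAM session lines are deliberately ignored.
SSHD_ACCEPT = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>[\d.]+) port (?P<port>\d+)"
)


def find_root_logins(lines):
    """Return (timestamp, source IP, auth method) for every accepted root SSH login.

    Any hit is an indicator of compromise on an unpatched build, because the
    root account is not meant to be used for interactive SSH logins at all.
    """
    hits = []
    for line in lines:
        m = SSHD_ACCEPT.match(line)
        if m and m.group("user") == "root":
            hits.append((m.group("ts"), m.group("src"), m.group("method")))
    return hits


# Constructed sample of a secure log (not real data): one admin login, one
# failed root attempt, one successful root login from an outside address.
SAMPLE_SECURE_LOG = """\
Jul  2 08:14:03 cucm-pub sshd[21345]: Accepted password for admin from 10.1.20.5 port 51122 ssh2
Jul  2 08:15:10 cucm-pub sshd[21401]: Failed password for root from 203.0.113.7 port 40012 ssh2
Jul  2 08:15:12 cucm-pub sshd[21401]: Accepted password for root from 203.0.113.7 port 40012 ssh2
Jul  2 08:15:12 cucm-pub sshd[21401]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul  2 09:02:45 cucm-pub sshd[22010]: Accepted publickey for admin from 10.1.20.5 port 51890 ssh2
"""


if __name__ == "__main__":
    build = "15.0.1.13011-1"  # value reported by `show version active` on the appliance (assumed)
    print(f"build {build} affected: {is_affected_build(build)}")
    for ts, src, method in find_root_logins(SAMPLE_SECURE_LOG.splitlines()):
        print(f"ROOT SSH LOGIN at {ts} from {src} via {method}")
```

Run the version check against the output of the appliance's own version command and feed the downloaded secure log to `find_root_logins`; an empty result is not proof of safety (logs rotate and an attacker with root can edit them), but any hit on an unpatched build should be treated as a confirmed compromise.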
News Articles
- Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
CVE-2025-20309 in Cisco Unified CM could grant root access, allowing arbitrary command execution.
- Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges.
Timeline
- Exploit known to exist
- First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability reserved