Unauthenticated Remote Access Vulnerability in Cisco Unified Communications Manager
CVE-2025-20309

10 CRITICAL

Key Information:

Vendor: Cisco

CVE Published: 2 July 2025

Badges: Score 221, Exploit Exists, News Worthy

What is CVE-2025-20309?

CVE-2025-20309 is a critical vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), the platforms that provide voice and video call control in many organizational environments. The vulnerability stems from static credentials for the root account that were left in the product for development purposes. Because these credentials are hard-coded, they cannot be changed or removed by an administrator, so an unauthenticated attacker who knows them can log in to the system remotely. A successful login as root would allow the attacker to execute arbitrary commands, compromising the integrity and confidentiality of the entire communications system. The impact therefore goes well beyond unauthorized access: it can give an attacker extensive control over critical communication infrastructure.

Potential Impact of CVE-2025-20309

  1. Unauthorized System Access: The vulnerability allows an unauthenticated attacker to log in to an affected device using the static root credentials, bypassing every access control meant to restrict who can reach the system. This gives a malicious actor a foothold from which to misuse the system.

  2. Arbitrary Command Execution: Once logged in, an attacker can execute arbitrary commands as the root user, which could cause significant disruption of communications, unauthorized data manipulation, or complete system failure.

  3. Increased Risk of Ransomware and Malware Infections: Exploitation of this vulnerability can serve as a launch point for follow-on attacks, including ransomware deployment in which attackers lock critical assets or data until a ransom is paid. Affected organizations face not only immediate disruption but also long-term consequences such as data loss and recovery costs.

Affected Version(s)

Cisco Unified Communications Manager 15.0.1.13010-1

Cisco Unified Communications Manager 15.0.1.13011-1

Cisco Unified Communications Manager 15.0.1.13012-1

News Articles

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

CVE-2025-20309 in Cisco Unified CM could grant root access, allowing arbitrary command execution.


Cisco warns that Unified CM has hardcoded root SSH credentials

Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges.


References

CVSS v3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Exploit known to exist

  • First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability reserved
