Unauthenticated Remote Access Vulnerability in Cisco Unified Communications Manager
CVE-2025-20309

10 CRITICAL

Key Information:

Vendor: Cisco
CVE Published: 2 July 2025

Badges

  • 📈 Trended
  • 📈 Score: 1,900
  • 👾 Exploit Exists
  • 📰 News Worthy

What is CVE-2025-20309?

CVE-2025-20309 is a critical vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), which facilitate voice and video communications across various organizational environments. This vulnerability arises from the presence of static user credentials for the root account, intended for development purposes. These credentials are hard-coded and cannot be altered or deleted, enabling an unauthenticated attacker to gain access to the system remotely. If exploited, an attacker could log in using the root account and potentially execute arbitrary commands, thereby compromising the integrity and confidentiality of the entire communications system. The implications of this vulnerability extend far beyond mere unauthorized access, potentially allowing for extensive manipulation and control of critical communication infrastructures.

Potential Impact of CVE-2025-20309

  1. Unauthorized System Access: The vulnerability allows an unauthenticated attacker to log into an affected device using the static root credentials, bypassing the access controls intended to restrict who can reach the system. This gives malicious actors a foothold from which to misuse the system.

  2. Arbitrary Command Execution: Once access is gained, attackers can execute arbitrary commands as the root user, which could lead to significant disruptions in communications, unauthorized data manipulation, or complete system failure.

  3. Enhanced Risk of Ransomware and Malware Infections: The exploitation of this vulnerability may serve as a launchpad for further attacks, including ransomware deployment, whereby attackers can lock critical assets or data until a ransom is paid. This places organizations at heightened risk not only for immediate disruptions but also for long-term ramifications associated with data loss and recovery expenses.

Affected Version(s)

Cisco Unified Communications Manager 15.0.1.13010-1

Cisco Unified Communications Manager 15.0.1.13011-1

Cisco Unified Communications Manager 15.0.1.13012-1

News Articles

CVE-2025-20309: Cisco Unified Communications Manager Static SSH Credentials Maximum Severity Vulnerability | Arctic Wolf

Cisco released a security advisory detailing a maximum severity vulnerability (CVE-2025-20309) in Cisco Unified Communications Manager and Unified Communications Manager SME Engineering Special, caused by hard-coded root SSH credentials that cannot be changed or removed.

3 weeks ago

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) - Help Net Security

Cisco has found hardcoded default credentials (CVE-2025-20309) in its Cisco Unified Communications Manager platform.

3 weeks ago

Cisco Patches Critical CVE-2025-20309 Root Access Flaw

CVE-2025-20309 exposes Cisco Unified CM to remote root access via static credentials. No workaround exists—patch or upgrade now.

3 weeks ago

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved
