Cisco Unified Communications Manager Vulnerability - 20250703001

Overview

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.

What is vulnerable?

| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
| --- | --- | --- | --- | --- |
| Cisco Unified CM and Unified CM SME | 15.0.1.13010-1 through 15.0.1.13017-1 | CVE-2025-20309 | 10.0 | Critical |
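
To triage an asset inventory against the affected range above, the following added example (not part of the original advisory or any vendor tooling) classifies Unified CM version strings. The hostnames and sample versions are constructed. Comparing the numeric fields in order, including the build suffix after the hyphen, is an assumption about how these version strings sort.

```python
import re

# Affected range as stated in the advisory table (inclusive at both ends).
AFFECTED_LOW = "15.0.1.13010-1"
AFFECTED_HIGH = "15.0.1.13017-1"

# Expected shape: major.minor.maintenance.build-suffix, all numeric.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Turn 'A.B.C.DDDDD-E' into a tuple of ints, or None if malformed."""
    m = _VERSION_RE.fullmatch(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'affected', 'not-affected' or 'unparsed' for one version string."""
    v = parse_version(version_text)
    if v is None:
        # Flag for manual review; an unreadable version is never treated as safe.
        return "unparsed"
    low, high = parse_version(AFFECTED_LOW), parse_version(AFFECTED_HIGH)
    # Assumption: field-by-field numeric ordering matches release ordering.
    return "affected" if low <= v <= high else "not-affected"


def triage(inventory):
    """Map hostname -> classification for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "cucm-pub-01": "15.0.1.13010-1",
    "cucm-sub-01": "15.0.1.13017-1",
    "cucm-sub-02": "15.0.1.13009-1",
    "cucm-sme-01": "15.0.1.13018-1",
    "cucm-lab-01": "14.0.1.12900-161",
    "cucm-old-01": "15.0.1 (unknown build)",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:24} {status}")
```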

What has been observed?

The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer Patch Management):

Additional References