• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
critical cisco vulnerability in unified cm grants root access via

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

You are here: Home / General Cyber Security News / Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
July 3, 2025

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.

The vulnerability, tracked as CVE-2025-20309, carries a CVSS score of 10.0.

“This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development,” Cisco said in an advisory released Wednesday.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.”

Hardcoded credentials like this usually come from testing or quick fixes during development, but they should never make it into live systems. In tools like Unified CM that handle voice calls and communication across a company, root access can let attackers move deeper into the network, listen in on calls, or change how users log in.

Cybersecurity

The networking equipment major said it found no evidence of the flaw being exploited in the wild, and that it was discovered during internal security testing.

CVE-2025-20309 affects Unified CM and Unified CM SME versions 15.0.1.13010-1 through 15.0.1.13017-1, irrespective of device configuration.

Cisco has also released indicators of compromise (IoCs) associated with the flaw, stating successful exploitation would result in a log entry to “/var/log/active/syslog/secure” for the root user with root permissions. The log can retrieved by running the below command from the command-line interface –

cucm1# file get activelog syslog/secure

The development comes merely days after the company fixed two security flaws in Identity Services Engine and ISE Passive Identity Connector (CVE-2025-20281 and CVE-2025-20282) that could permit an unauthenticated attacker to execute arbitrary commands as the root user.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Previous Post: «north korean hackers target web3 with nim malware and use North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Next Post: Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms chinese hackers exploit ivanti csa zero days in attacks on french»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.