Cisco Eliminates Hardcoded Root Account in Unified Communications Manager

Cisco has addressed a critical security issue in its Unified Communications Manager (Unified CM) software, removing a hardcoded root SSH account that could allow unauthenticated attackers to remotely gain full control of vulnerable systems.

The flaw, tracked as CVE-2025-20309, affects versions 15.0.1.13010-1 through 15.0.1.13017-1 of both Unified CM and its Session Management Edition (SME), and received the highest severity rating due to the use of static root credentials. These credentials, originally intended for internal development and testing, cannot be changed or removed by users, making them a major security risk.

Cisco has advised customers to update to version 15SU3 or apply the patch CSCwp27755 to resolve the issue, as no other workaround exists. Although there is currently no evidence of active exploitation or public proof-of-concept code, Cisco has provided indicators of compromise and log review steps for system administrators.
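To decide which nodes need that update, the following added example (not code from Cisco or from the original article) triages an inventory of Unified CM and SME build strings against the affected range quoted above. The hostnames, the sample inventory and the function names are constructed for illustration. A host flagged as in range may already carry the patch, so the result is a list to verify, not a verdict.

```python
import re

# Affected range as stated in the article, inclusive on both ends.
AFFECTED_MIN = "15.0.1.13010-1"
AFFECTED_MAX = "15.0.1.13017-1"

# Build strings in the article have the shape A.B.C.DDDDD-N.
_BUILD_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)$")

def parse_build(text):
    """Turn '15.0.1.13010-1' into (15, 0, 1, 13010, 1) for numeric comparison."""
    m = _BUILD_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a dotted build string: {text!r}")
    return tuple(int(part) for part in m.groups())

_LOW, _HIGH = parse_build(AFFECTED_MIN), parse_build(AFFECTED_MAX)

def classify(build_text):
    """Return 'affected-range', 'outside-range' or 'unparsed'."""
    try:
        build = parse_build(build_text)
    except ValueError:
        # Release labels such as '15SU3' are not build strings; do not guess
        # a mapping, send the host to manual review instead.
        return "unparsed"
    # Strict tuple comparison, including the numeric suffix after the dash.
    return "affected-range" if _LOW <= build <= _HIGH else "outside-range"

def triage(inventory):
    """Group (hostname, build) pairs by classification."""
    report = {"affected-range": [], "outside-range": [], "unparsed": []}
    for host, build in inventory:
        report[classify(build)].append(host)
    return report

# Constructed sample inventory (hostnames and out-of-range builds are invented).
SAMPLE_INVENTORY = [
    ("cucm-pub.example.test", "15.0.1.13010-1"),
    ("cucm-sub1.example.test", "15.0.1.13017-1"),
    ("cucm-sub2.example.test", " 15.0.1.13015-2 "),
    ("cucm-lab.example.test", "15.0.1.13018-1"),
    ("sme-01.example.test", "15.0.1.13009-1"),
    ("cucm-dr.example.test", "15SU3"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```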

This vulnerability adds to a growing list of similar backdoor account incidents in Cisco's product history. Admins are urged to act quickly to protect their systems from potential breaches.
