[Vulnerability Alert] Critical Security Vulnerability in Cisco Unified Communications Manager (CVE-2025-20309)

Publish date: 2025-07-10
Update date: 2025-07-10

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2025070408071818
Publication Time: 2025/07/04 08:57
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/07/04 08:57
Impact Level: Low
[Subject]
[Vulnerability Alert] Critical Security Vulnerability in Cisco Unified Communications Manager (CVE-2025-20309)
[Content]
Forwarded from TWCERTCC-200-202507-00000003

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) are unified communications platforms provided by Cisco, supporting voice, video, messaging, and collaboration functions. Recently, Cisco disclosed a critical security vulnerability (CVE-2025-20309, CVSS: 10.0). The vulnerability stems from static default credentials for the root account that are built into the product and cannot be modified or deleted by users. An unauthenticated remote attacker could use these credentials to log in with root privileges and execute arbitrary commands on affected systems.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Cisco Unified Communications Manager versions 15.0.1.13010-1 to 15.0.1.13017-1
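
An added example, not part of the original alert or of Cisco's guidance: a Python check that sorts an inventory of Unified CM version strings into affected, not affected, and needs-review against the range listed above. The inclusive bounds, the five-field version format, and the hostnames in the sample inventory are assumptions.

```python
import re

# Affected range as stated in this alert; bounds are assumed to be inclusive.
AFFECTED_LOW = "15.0.1.13010-1"
AFFECTED_HIGH = "15.0.1.13017-1"

# Assumed format: four dotted numeric fields plus a numeric "-N" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Return the version as a tuple of five ints, or None if it does not parse."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """True or False for a parseable version, None when it cannot be parsed."""
    v = parse_version(version)
    if v is None:
        return None
    return parse_version(AFFECTED_LOW) <= v <= parse_version(AFFECTED_HIGH)


def triage(inventory):
    """Split {host: version} into affected, not_affected and review buckets."""
    result = {"affected": [], "not_affected": [], "review": []}
    for host, version in sorted(inventory.items()):
        verdict = is_affected(version)
        key = "review" if verdict is None else ("affected" if verdict else "not_affected")
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "cucm-pub.example.edu": "15.0.1.13010-1",
    "cucm-sub1.example.edu": "15.0.1.13015-2",
    "cucm-sub2.example.edu": "15.0.1.13017-1",
    "cucm-lab.example.edu": "15.0.1.13018-1",
    "cucm-old.example.edu": "14.0.1.13900-155",
    "cucm-unknown.example.edu": "15.0.1",  # truncated string: cannot be judged
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts that land in the review bucket reported a version string that could not be parsed and should be checked by hand rather than treated as unaffected.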
[Recommended Actions]
Follow Cisco’s official remediation guidance: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
[Reference]
https://www.twcert.org.tw/tw/cp-169-10230-c2fec-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center