See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Cisco Scores a Perfect 10 for a Critical Comms Flaw

NO LOC, JUL 2 – The vulnerability allows unauthenticated remote attackers to gain root access via hardcoded SSH credentials in Cisco Unified CM, rated CVSS 10.0 with patches due in July 2025.

  • On July 3, 2025, Cisco issued a security advisory highlighting a severe vulnerability impacting specific Engineering Special versions of its Unified Communications Manager and the related Session Management Edition.
  • The vulnerability arises from hardcoded root credentials meant for development that remain unchangeable and allow unauthenticated remote attackers root access.
  • Cisco confirmed no exploitation in the wild but warned that a successful attack enables arbitrary root commands and encouraged admins to check logs for suspicious SSH root logins.
  • Administrators must either update their systems to the latest Unified CM and Unified CM SME 15SU3 release scheduled for July 2025 or obtain the CSCwp27755 patch through Cisco's Technical Assistance Center, as no alternative fixes are available; according to Cisco, upgrading to the most recent software version is the only effective remedy.
  • This flaw, CVE-2025-20309, rated a maximum CVSS score of 10.0, joins recent critical fixes in Cisco products, highlighting persistent risks from leftover development credentials in live systems.
Insights by Ground AI
Does this summary seem wrong?

15 Articles

Tech RadarTech Radar
Reposted by
World NEWS LiveWorld NEWS Live
Center

Cisco warns of a serious security flaw in comms platform - and that it needs patching immediately

Researchers found hardcoded credentials in Cisco Unified Communications Manager

·United Kingdom
Read Full Article
The RegisterThe Register
Center

Cisco scores a perfect 10 for a critical comms flaw

: The second max score this week for Netzilla - not a good look

Read Full Article
BleepingComputerBleepingComputer
Reposted by
cybernoz.comcybernoz.com
Center

Cisco warns that Unified CM has hardcoded root SSH credentials

Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges.

Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

CVE-2025-20309: Cisco Unified CM Flaw Enables Remote Root Access

CVE-2025-20309: Cisco Unified CM Flaw Enables Remote Root Access Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now a…

Read Full Article
Global Security Mag OnlineGlobal Security Mag Online
Reposted by
Global Security Mag OnlineGlobal Security Mag Online

Vulnerability in Cisco Products (03 July 2025) – Global Security Mag Online

A vulnerability has been discovered in Cisco products. It allows an attacker to cause a circumvention of security policy. See online: https://www.cert.ssi.gouv.fr/avis/C...

Read Full Article
Help Net SecurityHelp Net Security

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) - Help Net Security

Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) platforms and use the acquired access to execute arbitrary commands with the highest privileges…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

cybernoz.com broke the news in on Wednesday, July 2, 2025.
Sources are mostly out of (0)

Similar News Topics

Cisco icon

Cisco

News
For You
SearchBlindspotLocal