By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Cisco Unified Communications Manager Static Root SSH Credentials
CVSS Score: 10.0 (Critical)
Identifier: CVE-2025-20309
Exploit or POC: No known public exploit or PoC yet
Update: CVE-2025-20309 – Cisco Security Advisory
Description: CVE-2025-20309 is a critical vulnerability in Cisco Unified Communications Manager (Unified CM) and the Session Management Edition (SME) where the root account includes hard-coded, static SSH credentials that cannot be changed or removed. This design flaw allows any unauthenticated, remote attacker to log in with the root account and execute arbitrary commands as root. A successful exploit could lead to full device takeover, with the attacker able to modify configurations, intercept calls, introduce malware, or disrupt communications infrastructure.
Affected Versions:
- Unified CM and Unified CM SME Engineering Special (ES) releases 15.0.1.13010-1 through 15.0.1.13017-1
Mitigation Recommendation: