CVE-2025-20309
Cisco Unified Communications Manager/Cisco Unified Communications Manager Session Management Edition Root Account Default Credential Vulnerability
Description
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
INFO
Published Date :
July 2, 2025, 5:15 p.m.
Last Modified :
July 3, 2025, 3:23 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
6.0
Exploitability Score :
3.9
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-20309
.
URL | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7 | Patch Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-20309
vulnerability anywhere in the article.

-
The Cyber Express
Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed, 17 High-Risk
Patch Tuesday for July 2025 was the busiest day for Microsoft fixes since January, with 130 Microsoft CVEs patched – including 17 ones at high risk for exploitation. July’s total also included 10 non- ... Read more

-
Help Net Security
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) If you haven’t ... Read more

-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM
Cisco, a leading networking hardware company, has issued an urgent security alert and released updates to address a severe vulnerability in its Unified Communications Manager (Unified CM) and Unified ... Read more

-
TheCyberThrone
EchoLeak Vulnerability in Microsoft 365 Copilot
Skip to contentOverviewEchoLeak is a critical zero-click vulnerability found in Microsoft 365 Copilot, revealed in 2025 by AIM Security. The flaw allowed attackers to steal sensitive enterprise data w ... Read more

-
Help Net Security
Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)
Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log ... Read more

-
Cyber Security News
Cisco Unified CM Vulnerability Allows Remote Attacker to Login As Root User
A severe vulnerability in Cisco Unified Communications Manager (Unified CM) systems could allow remote attackers to gain root-level access to affected devices. The vulnerability, designated CVE-2025-2 ... Read more

-
security.nl
Cisco waarschuwt voor kritiek lek door hardcoded SSH-wachtwoord
Cisco waarschuwt organisaties die van Cisco Unified Communications Manager gebruikmaken voor een root-account met een hardcoded SSH-wachtwoord dat niet is te veranderen of verwijderen. Via het wachtwo ... Read more

-
The Cyber Express
Cisco Issues Urgent Patch for Critical Unified CM Vulnerability (CVE-2025-20309)
Cisco has issued a new security advisory addressing a severe vulnerability in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM ... Read more

-
The Hacker News
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
Vulnerability / Network Security Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Sessi ... Read more

-
TheCyberThrone
CVE-2025-20309 affects Cisco Unified CM
Skip to content🔎 Vulnerability OverviewCVE ID: CVE-2025-20309Severity: Critical (CVSS v3.1 Score: 10.0)Discovered in: Cisco Unified Communications Manager (Unified CM) and Session Management Edition ( ... Read more

-
Daily CyberSecurity
CVE-2025-20309 (CVSS 10): Cisco Patches Critical Static SSH Root Credential Flaw in Unified CM
Cisco has disclosed a critical vulnerability in its Unified Communications Manager (Unified CM) and Session Management Edition (SME) platforms. Tracked as CVE-2025-20309 and rated CVSS 10, the flaw ex ... Read more

-
The Register
Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform
If you're running the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, you need to apply Cisco's urgent patch after someone at Switchzilla mad ... Read more

-
BleepingComputer
Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. Cisco Unified ... Read more
The following table lists the changes that have been made to the
CVE-2025-20309
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Jul. 03, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13010-1:*:*:*:-:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13010-1:*:*:*:session_management:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13011-1:*:*:*:-:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13011-1:*:*:*:session_management:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13012-1:*:*:*:-:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13012-1:*:*:*:session_management:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13013-1:*:*:*:-:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13014-1:*:*:*:-:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13015-1:*:*:*:-:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13016-1:*:*:*:-:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13017-1:*:*:*:-:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13013-1:*:*:*:session_management:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13014-1:*:*:*:session_management:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13015-1:*:*:*:session_management:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13016-1:*:*:*:session_management:*:*:* *cpe:2.3:a:cisco:unified_communications_manager:15.0.1.13017-1:*:*:*:session_management:*:*:* Added Reference Type Cisco Systems, Inc.: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7 Types: Patch, Vendor Advisory -
New CVE Received by [email protected]
Jul. 02, 2025
Action Type Old Value New Value Added Description A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Added CWE CWE-798 Added Reference https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-20309
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-20309
weaknesses.