<ul data-eligibleForWebStory="false">Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager, tracked as CVE-2025-20309.The vulnerability allowed remote attackers to log in using hardcoded root credentials, granting full root privileges without authentication.Cisco removed the backdoor account from its Unified Communications Manager to mitigate the issue.Admins are advised to upgrade to fixed software releases to prevent exploitation of the vulnerability, with no workarounds available.