<ul data-eligibleForWebStory="false"><li>Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager, tracked as CVE-2025-20309.</li><li>The vulnerability allowed remote attackers to log in using hardcoded root credentials, granting full root privileges without authentication.</li><li>Cisco removed the backdoor account from its Unified Communications Manager to mitigate the issue.</li><li>Admins are advised to upgrade to fixed software releases to prevent exploitation of the vulnerability, with no workarounds available.</li></ul>

Cisco removed the backdoor account from its Unified Communications Manager

Discover more