Cisco has discovered hardcoded login credentials with root access in its Unified Communications Manager, requiring immediate patching.
The security flaw, tracked as CVE-2025-20309 with a severity score of 10/10, affects different releases of the Unified CM software.
There are no workarounds for the affected versions, which range from 15.0.1.13010-1 to 15.0.1.13017-1; the only solution is to upgrade to version 15SU3, released in July 2025.
No evidence of abuse has been reported. Hardcoded credentials are a common cause of system infiltrations in software applications.