Date Posted: 2025/07/04
【Vulnerability Alert】Significant Security Vulnerability in Cisco Unified Communications Manager (CVE-2025-20309)
- Content Description:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000003
- Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Edition (Unified CM SME) are Cisco's unified communications platforms, primarily supporting voice, video, messaging, and collaboration functions.
- Recently, Cisco issued a major security vulnerability announcement (CVE-2025-20309, CVSS: 10.0). This vulnerability stems from a default static certificate built into the product, which corresponds to a root account that is present by default and cannot be modified or deleted by the user. This vulnerability may allow unauthenticated remote attackers to log in to affected devices with root privileges and execute arbitrary commands.
- Affected Platforms:
- Cisco Unified Communications Manager versions 15.0.1.13010-1 to 15.0.1.13017-1
- Suggested Measures:
- Please apply patches according to the solutions released on the official website: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
- References:
Computer and Communications Center
Network Systems Division Respectfully
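
For administrators checking an inventory against the affected range listed above, the following is an added example and not part of the original alert or of Cisco's advisory. The hostnames and sample versions are constructed. As a conservative assumption, the `-N` suffix is ignored when comparing, and unparseable version strings are reported as `unknown` for manual review.

```python
import re

# Affected range as stated in the alert (both ends inclusive).
AFFECTED_LOW = "15.0.1.13010-1"
AFFECTED_HIGH = "15.0.1.13017-1"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Turn '15.0.1.13010-1' into (15, 0, 1, 13010, 1); raise ValueError otherwise."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Unified CM version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True if the four dotted fields fall inside the alert's range.

    Assumption: the '-N' suffix is ignored, so every build from 13010
    through 13017 is flagged regardless of suffix.
    """
    low = parse_version(AFFECTED_LOW)[:4]
    high = parse_version(AFFECTED_HIGH)[:4]
    return low <= parse_version(version)[:4] <= high


def triage(inventory):
    """Map each host to 'affected', 'not in range' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not in range"
        except ValueError:
            result[host] = "unknown"  # needs a manual check
    return result


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = {
    "cucm-pub.example.internal": "15.0.1.13010-1",
    "cucm-sub1.example.internal": "15.0.1.13015-2",
    "cucm-sub2.example.internal": "15.0.1.13018-1",
    "cucm-lab.example.internal": "14.0.1.13900-155",
    "cucm-old.example.internal": "15.0.1 (unknown build)",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:30} {SAMPLE[host]:24} {status}")
```

A host reported as `not in range` is outside the versions this alert lists; the vendor advisory linked under Suggested Measures remains the authority on fixed releases.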