Cisco Fixes Critical SSH Hardcoded Credentials Vulnerability in Unified Communications Manager
BreakingNewsSecurityCISCOCiscoUnifiedCommunicationsManagerHackinghackingnewsinformationsecuritynewsITInformationSecurityPierluigiPaganiniSecurityAffairsSecurityNews
Cisco has addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). This flaw, listed under the number CVE-2025-20309 with a CVSS score of 10, allows remote attackers to connect using hardcoded root credentials set during development. The Cisco Unified Communications Manager (CUCM) is a call management system. The vulnerability also affects the Session Management Edition of the product.