Cisco Releases Security Updates to Fix Critical Vulnerability in Unified Communications Manager

Cisco has released security updates to address a critical security vulnerability in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). This vulnerability, identified as CVE-2025-20309, allows an attacker to connect to a vulnerable device as a root user, granting them elevated privileges. The flaw is due to static credentials, which facilitate unauthorized access. This vulnerability has received a high CVSS score, indicating maximum severity.