Cisco Addresses Critical Security Flaw in Unified Communications Manager

Cisco has taken decisive action to address significant security vulnerabilities within its Unified Communications Manager (UCM) product line. Among these vulnerabilities, one has been deemed critical and poses a serious risk to system integrity.

The identified issue, categorized under CVE-2025-20309, allows potential attackers to gain unauthorized access to the UCM and its Session Management Edition with minimal effort. This flaw has been assigned a maximum CVSS score of 10 out of 10, indicating the severity of the threat. Versions affected include 15.0.1.13010-1 through 15.0.1.13017-1 across all configurations.

Exploitation of this vulnerability allows attackers to access a root account using static SSH credentials, which cannot be altered. This access enables remote attackers to execute malicious code with root privileges, effectively compromising the entire system. Cisco has confirmed that the problematic account originated from the development phase.

In response to the vulnerability, Cisco has issued a warning that includes indicators of compromise (IOCs) to assist administrators in identifying potentially compromised systems. The company assures users that the account in question has been disabled in the July 2025 release (15SU3), along with the provision of a security patch for immediate download.

Currently, Cisco has reported no evidence that the vulnerability has been actively exploited by cybercriminals.

Additionally, Cisco has addressed other security concerns, including vulnerabilities in its Enterprise Chat and Email platform and the Application Delivery Platform. The Enterprise Chat and Email system is susceptible to a medium-severity XSS attack (CVE-2025-20310), while the Application Delivery Platform is also vulnerable to similar XSS attacks (CVE-2025-20307). Both platforms have received security patches to mitigate these risks.

Authenticated users of Spaces Connector may also be at risk due to a vulnerability (CVE-2025-20308) that could allow them to gain root access. The latest update for Connector, dated June 3, 2025, includes measures to address this vulnerability.