Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into vulnerable Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) platforms and use the acquired access to execute arbitrary commands with the highest privileges.

About CVE-2025-20309, and how to fix it

Cisco Unified Communications Manager – …

The post Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) appeared first on Help Net Security.