Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM
hackread.com
Cisco, a leading networking hardware company, has issued an urgent security alert and released updates to address a severe vulnerability in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). This critical flaw, identified as CVE-2025-20309, carries the highest possible severity rating, a CVSS score of 10.0, indicating it can be easily exploited with devastating consequences.
Understanding the Threat
The vulnerability stems from “static user credentials for the root account that are reserved for use during development,” as stated by Cisco in its advisory. In simpler terms, these systems were shipped with a secret, unchanging username and password for a super-user account, known as the root user. A root user has complete control over a system, able to execute any command and access all files. Because these credentials are static, meaning they don’t change and cannot be deleted by users, so ...