Cisco warns of a serious security flaw in comms platform - and that it needs patching immediately

• Login credentials for an account with root access was found in Cisco's Unified Communications Manager
• There are no workarounds, just a patch, so users should update now
• Different versions of the tool are affected

Another hardcoded credential for admin access has been discovered in a major software application - this time around it’s Cisco, who discovered the slip-up in its Unified Communications Manager (Unified CM) solution.

Cisco Unified CM is an enterprise-grade IP telephony call control platform providing voice, video, messaging, mobility, and presence services. It manages voice-over-IP (VoIP) calls, and allows for the management of tasks such as user/device provisioning, voicemail integration, conferencing, and more.

Recently, Cisco found login credentials coded into the program, allowing for access with root privileges. The bug is now tracked as CVE-2025-20309, and was given a maximum severity score - 10/10 (critical). The credentials were apparently used during development and testing, and ...