A newly disclosed, critical vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) has exposed organizations to the risk of full system compromise.
Tracked as CVE-2025-20309 and assigned a maximum CVSS score of 10.0, the flaw allows unauthenticated remote attackers to gain root access using static, hardcoded SSH credentials that were inadvertently left in production releases.
https://gbhackers.com/cisco-unified-cm-vulnerability/