Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could allow an attacker to log in to a susceptible device as the root user, giving them elevated privileges.
The vulnerability, tracked as CVE-2025-20309, carries a CVSS score of 10.0.
“This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development,” Cisco said in an advisory published Wednesday.
“An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.”
Hardcoded credentials like this usually originate from testing or quick shortcuts taken during development, but they should never make it into production systems. On devices such as Unified CM, which handle voice calls and communications across an enterprise, root access could let an attacker move deeper into the network, intercept calls, or change how users authenticate.
The networking equipment major said it found no evidence of the flaw being exploited in the wild, and that it was discovered during internal security testing.
CVE-2025-20309 affects Unified CM and Unified CM SME Engineering Special (ES) releases 15.0.1.13010-1 through 15.0.1.13017-1, regardless of device configuration.
Cisco has also released indicators of compromise (IoCs) associated with the flaw: successful exploitation results in a log entry to /var/log/active/syslog/secure for the root user with root permissions. The log can be retrieved by running the following command from the command-line interface:
cucm1# file get activelog syslog/secure
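The advisory only says to look for a root-user entry in the retrieved secure log; it does not spell out a detection rule. The script below is an added example (not Cisco's code, and not taken from the advisory) that parses the retrieved file for sshd root-authentication events and separates successful logins from failed attempts. It assumes the log uses the standard sshd/PAM auth-log format (“Accepted password for root from … port …”), which is an assumption about the appliance's syslog layout; the sample lines embedded in it are constructed for illustration, not captured from a Unified CM system.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Dict

# Constructed sample lines in the style of an sshd/PAM auth log as written to
# a syslog "secure" file. They are illustrative only, not captured from a
# Unified CM appliance. Only the "Accepted ... for root" line is the IoC the
# advisory describes; the failed attempt is included to show it is reported
# separately, and the sudo line to show it is not mistaken for a root login.
SAMPLE_SECURE_LOG = """\
Jul  2 10:14:03 cucm1 sshd[4121]: Accepted password for administrator from 192.0.2.20 port 51222 ssh2
Jul  2 10:14:03 cucm1 sshd[4121]: pam_unix(sshd:session): session opened for user administrator by (uid=0)
Jul  2 10:16:41 cucm1 sshd[4188]: Failed password for root from 198.51.100.7 port 40312 ssh2
Jul  2 10:16:45 cucm1 sshd[4188]: Accepted password for root from 198.51.100.7 port 40312 ssh2
Jul  2 10:16:45 cucm1 sshd[4188]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul  2 10:17:02 cucm1 sudo: administrator : TTY=pts/0 ; PWD=/home/administrator ; USER=root ; COMMAND=/bin/ls
"""


@dataclass(frozen=True)
class RootAuthEvent:
    timestamp: str
    host: str
    outcome: str   # "accepted" or "failed"
    method: str    # sshd auth method, e.g. "password" or "publickey"
    source: str    # remote address the attempt came from
    port: int


# Matches sshd authentication lines for the root account only, e.g.
# "Jul  2 10:16:45 cucm1 sshd[4188]: Accepted password for root from 198.51.100.7 port 40312 ssh2"
# (assumed format; the timestamp allows the double space syslog uses for single-digit days)
_SSHD_ROOT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+sshd\[\d+\]:\s+"
    r"(?P<outcome>Accepted|Failed)\s+(?P<method>\S+)\s+for\s+root\s+"
    r"from\s+(?P<src>\S+)\s+port\s+(?P<port>\d+)"
)


def parse_root_auth_events(lines: Iterable[str]) -> List[RootAuthEvent]:
    """Return every sshd accepted/failed authentication event for the root user."""
    events: List[RootAuthEvent] = []
    for line in lines:
        m = _SSHD_ROOT_RE.match(line.strip())
        if not m:
            continue  # other users, session bookkeeping, sudo, etc. are not root logins
        events.append(RootAuthEvent(
            timestamp=m.group("ts"),
            host=m.group("host"),
            outcome=m.group("outcome").lower(),
            method=m.group("method"),
            source=m.group("src"),
            port=int(m.group("port")),
        ))
    return events


def successful_root_logins(lines: Iterable[str]) -> List[RootAuthEvent]:
    """The IoC proper: any accepted interactive login as root on the appliance."""
    return [e for e in parse_root_auth_events(lines) if e.outcome == "accepted"]


def failed_root_attempts_by_source(lines: Iterable[str]) -> Dict[str, int]:
    """Context for triage: a single success with no prior failures suggests a
    known credential rather than a brute-force attempt."""
    counts: Dict[str, int] = {}
    for e in parse_root_auth_events(lines):
        if e.outcome == "failed":
            counts[e.source] = counts.get(e.source, 0) + 1
    return counts


if __name__ == "__main__":
    log_lines = SAMPLE_SECURE_LOG.splitlines()
    for hit in successful_root_logins(log_lines):
        print(f"ROOT LOGIN {hit.timestamp} on {hit.host} from {hit.source}:{hit.port} via {hit.method}")
    print("failed root attempts by source:", failed_root_attempts_by_source(log_lines))
```

Run it against the file retrieved with `file get activelog syslog/secure` (redirect the output to a local file first); any accepted root login is a finding, since routine Unified CM administration does not involve interactive root sessions.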
The development comes days after Cisco patched two security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), CVE-2025-20281 and CVE-2025-20282, that could allow an unauthenticated attacker to execute arbitrary commands as the root user.