Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Posted on July 3, 2025July 3, 2025 By CWS

Jul 03, 2025Ravie LakshmananVulnerability / Community Safety
Cisco has launched safety updates to handle a maximum-severity safety flaw in Unified Communications Supervisor (Unified CM) and Unified Communications Supervisor Session Administration Version (Unified CM SME) that would allow an attacker to login to a vulnerable machine as the basis consumer, permitting them to realize elevated privileges.
The vulnerability, tracked as CVE-2025-20309, carries a CVSS rating of 10.0.
“This vulnerability is because of the presence of static consumer credentials for the basis account which might be reserved to be used throughout improvement,” Cisco mentioned in an advisory launched Wednesday.
“An attacker may exploit this vulnerability by utilizing the account to log in to an affected system. A profitable exploit may permit the attacker to log in to the affected system and execute arbitrary instructions as the basis consumer.”Hardcoded credentials like this often come from testing or fast fixes throughout improvement, however they need to by no means make it into stay techniques. In instruments like Unified CM that deal with voice calls and communication throughout an organization, root entry can let attackers transfer deeper into the community, pay attention to calls, or change how customers log in.

The networking gear main mentioned it discovered no proof of the flaw being exploited within the wild, and that it was found throughout inner safety testing.
CVE-2025-20309 impacts Unified CM and Unified CM SME variations 15.0.1.13010-1 via 15.0.1.13017-1, no matter machine configuration.
Cisco has additionally launched indicators of compromise (IoCs) related to the flaw, stating profitable exploitation would end in a log entry to “/var/log/lively/syslog/safe” for the basis consumer with root permissions. The log can retrieved by working the under command from the command-line interface –
cucm1# file get activelog syslog/safe
The event comes merely days after the corporate mounted two safety flaws in Identification Companies Engine and ISE Passive Identification Connector (CVE-2025-20281 and CVE-2025-20282) that would allow an unauthenticated attacker to execute arbitrary instructions as the basis consumer.

Discovered this text fascinating? Comply with us on Twitter  and LinkedIn to learn extra unique content material we put up.

The Hacker News Tags:Access, Cisco, Credentials, Critical, Grants, Root, Static, Unified, Vulnerability

Post navigation

Previous Post: How to Identify a Zero-Day Vulnerability
Next Post: 50 World’s Best Cyber Security Companies in 2025 (March)

Related Posts

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs The Hacker News
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent The Hacker News
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure The Hacker News
Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts The Hacker News
Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive The Hacker News
Why Runtime Visibility Must Take Center Stage The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Microsoft Warns of Hackers Abuse Teams Features and Capabilities to Deliver Malware
  • Why Threat Prioritization Is the Key SOC Performance Driver  
  • BK Technologies Data Breach – Hackers Compromise IT Systems and Exfiltrate Data
  • BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers
  • Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Microsoft Warns of Hackers Abuse Teams Features and Capabilities to Deliver Malware
  • Why Threat Prioritization Is the Key SOC Performance Driver  
  • BK Technologies Data Breach – Hackers Compromise IT Systems and Exfiltrate Data
  • BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers
  • Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News