Cisco Warns of Hardcoded Credentials in Enterprise Software - SecurityWeek

Cisco released patches for a critical vulnerability in its Unified CM and Unified CM SME communication management software. The issue, CVE-2025-20309, allows attackers to log in as the root account due to the presence of static user credentials. Cisco also released patches for three medium-severity vulnerabilities affecting other products.