Vulnerability in Cisco Unified Communications Manager
CVE-2025-20309
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using…
EPSS: 0.006 (69.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Cisco Unified Communications Manager — versions 15.0.1.13010-1, 15.0.1.13011-1, 15.0.1.13012-1
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-20309?
- CVE-2025-20309 is a critical-severity vulnerability in Cisco Unified Communications Manager, classified under Use of Hard-coded Credentials. CVSS score: 10.0/10. Published 2025-07-02.
- How severe is CVE-2025-20309?
- Critical severity. CVSS v3 base score is 10.0 out of 10.