Critical Alert: Cisco Exposes Major Security Flaw in Unified Communications Manager

2025-07-02

Author: Michael

In an alarming move, Cisco announced the removal of a dangerous backdoor account from its Unified Communications Manager (Unified CM), sparking fears of potential remote access by hackers.

Previously known as Cisco CallManager, Unified CM is the backbone of Cisco's IP telephony systems, managing everything from call routing to device management. However, a recently discovered vulnerability, labeled CVE-2025-20309, has sent shockwaves through the tech community.

The flaw was classified as a top-tier security threat because affected releases ship with hardcoded SSH credentials for the root account. The credentials were intended for testing purposes, but they leave unpatched devices open to exploitation.

Cisco confirmed that the vulnerability affects several versions of Unified CM, specifically from 15.0.1.13010-1 to 15.0.1.13017-1, leaving a broad swath of devices at risk. The company has unfortunately stated that there are no immediate workarounds.

To resolve this critical issue, administrators must either upgrade to the latest version, Unified CM 15SU3, expected by July 2025, or apply the urgent CSCwp27755 patch available from Cisco. This is essential to ensure the safety of their systems against unauthorized access.

Cisco warned that an attacker who exploits the flaw could execute any command on the affected system with root privileges, which amounts to full control of the device.

While there’s currently no evidence of active exploitation, the Cisco Product Security Incident Response Team (PSIRT) has released indicators to help identify affected devices. Admins are advised to retrieve the log with the command "file get activelog syslog/secure" and check it for unusual activity.
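A triage sketch for the two checks described above, added here as an example and not taken from Cisco's advisory: it tests a release string against the affected range quoted in this article and scans a saved copy of the secure log for SSH sessions opened as root. The sshd/PAM line wording, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Affected release range as stated in the article (inclusive).
FIRST_AFFECTED = "15.0.1.13010-1"
LAST_AFFECTED = "15.0.1.13017-1"

def parse_version(version):
    """Turn '15.0.1.13010-1' into a comparable tuple of integers."""
    return tuple(int(part) for part in re.split(r"[.-]", version.strip()))

def is_affected(version):
    """True if the release string falls inside the stated affected range."""
    low, high = parse_version(FIRST_AFFECTED), parse_version(LAST_AFFECTED)
    return low <= parse_version(version) <= high

# Assumption: sshd entries follow the usual OpenSSH/PAM syslog wording.
ROOT_SSH = re.compile(
    r"sshd.*?(?:Accepted \S+ for root from (?P<src>\S+)"
    r"|session opened for user root\b)"
)

def root_ssh_events(lines):
    """Return (line_number, source_or_None, line) for each root SSH login entry."""
    events = []
    for number, line in enumerate(lines, start=1):
        match = ROOT_SSH.search(line)
        if match:
            events.append((number, match.group("src"), line.rstrip()))
    return events

# Constructed sample (not real log data); 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = """\
Jul  1 09:12:01 cucm-pub sshd[4121]: Accepted password for administrator from 192.0.2.10 port 50122 ssh2
Jul  1 09:12:01 cucm-pub sshd[4121]: pam_unix(sshd:session): session opened for user administrator by (uid=0)
Jul  1 23:47:15 cucm-pub sshd[9034]: Failed password for root from 192.0.2.77 port 41810 ssh2
Jul  1 23:47:19 cucm-pub sshd[9034]: Accepted password for root from 192.0.2.77 port 41810 ssh2
Jul  1 23:47:19 cucm-pub sshd[9034]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul  1 23:52:40 cucm-pub sshd[9034]: pam_unix(sshd:session): session closed for user root
""".splitlines()

if __name__ == "__main__":
    for version in ("15.0.1.13009-1", "15.0.1.13014-1"):
        print(version, "affected" if is_affected(version) else "outside stated range")
    for number, src, line in root_ssh_events(SAMPLE_LOG):
        print(f"line {number} src={src}: {line}")
```

Failed root attempts are deliberately not reported here, since only a successful root session matches the exposure the article describes.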

This is not the first such incident for Cisco, which has faced scrutiny over backdoor accounts in various products, including IOS XE and DNA Center. The tech giant is under increased pressure to reinforce security measures to protect its users from potentially devastating breaches.