Cisco Product Security Update Advisory (CVE-2025-20309)
Overview
Cisco has released security updates that address vulnerabilities in Cisco products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-20309
Cisco Unified Communications Manager (Unified CM) Versions: 15.0.1.13010-1 through 15.0.1.13017-1 (inclusive)
Cisco Unified Communications Manager Session Management Edition (Unified CM SME) Versions: 15.0.1.13010-1 through 15.0.1.13017-1 (inclusive)
Resolved Vulnerabilities
Weak SSH Credential Vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (CVE-2025-20309)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-20309
Cisco Unified Communications Manager (Unified CM) version: 15SU3 (expected July 2025 release), or apply the patch file from reference site [2]
Cisco Unified Communications Manager Session Management Edition (Unified CM SME) version: 15SU3 (expected July 2025 release), or apply the patch file from reference site [2]
References
[1] Cisco Unified Communications Manager Static SSH Credentials Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
[2] Unified Communications Manager Version 15
https://software.cisco.com/download/home/286331940/type/286319173/release/COP-Files