
Cisco removed a backdoor account from its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME), tracked as CVE-2025-20309. This critical vulnerability, with a CVSS score of 10, enabled unauthorized remote access to unpatched devices with root privileges. Review the details in this Cybersecurity Threat Advisory to keep your environment safe.
What is the threat?
This vulnerability stems from the presence of static user credentials for the root account, which developers intended for use during development and testing. A threat actor can log into an affected system using these credentials to gain root access and execute arbitrary commands with root privileges. This access allows them to intercept communications, access sensitive data, or disrupt services.
Why is this noteworthy?
A hardcoded backdoor account in a communications platform like Cisco Unified CM is alarming, especially since Cisco has stated that no workarounds are available. The only solution for this vulnerability is to remove the backdoor by upgrading vulnerable devices to Cisco Unified CM and Unified CM SME 15SU3 (July 2025) or by applying the CSCwp27755 patch file. CVE-2025-20309 underscores the importance of rigorous security practices during software development lifecycles and the need for continuous updates to software systems to mitigate risks.
What is the exposure or risk?
Organizations running unpatched versions of Cisco Unified CM face significant risks of unauthorized remote access, data breaches, and operational disruption. If the backdoor account remains in place, threat actors can exploit it to gain root-level control of communications infrastructure, potentially intercepting sensitive data or crippling essential services.
What are the recommendations?
Barracuda recommends the following actions to keep your environment secure against this threat:
- Update systems immediately to remove the hardcoded backdoor account from Cisco Unified CM and protect against unauthorized access.
- Audit your systems to identify and eliminate any lingering vulnerabilities that could be exploited.
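As a starting point for the audit, the following added example (not code from Cisco or Barracuda) scans authentication log lines for successful root logins and marks those that come from outside known management networks. It assumes the logins arrive over SSH and are recorded in standard OpenSSH syslog format, which this advisory does not state; the management network, host names and sample lines are constructed.

```python
import ipaddress
import re

# OpenSSH "Accepted" line in classic syslog format (assumed log format).
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

# Hypothetical management networks allowed to administer the nodes.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def root_logins(lines, admin_nets=ADMIN_NETS):
    """Return one finding per successful root login found in the log lines.

    Each finding records whether the source is outside the admin networks.
    """
    findings = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or m["user"] != "root":
            continue  # failed attempts and non-root users are ignored here
        try:
            src = ipaddress.ip_address(m["src"])
            outside = not any(src in net for net in admin_nets)
        except ValueError:
            outside = True  # unparsable source: treat as untrusted
        findings.append({"time": m["ts"], "host": m["host"], "src": m["src"],
                         "method": m["method"], "outside_admin_nets": outside})
    return findings


# Constructed sample lines, not taken from any real device.
SAMPLE = """\
Jul  3 02:14:07 cucm-pub sshd[4121]: Failed password for root from 203.0.113.45 port 51122 ssh2
Jul  3 02:14:09 cucm-pub sshd[4121]: Accepted password for root from 203.0.113.45 port 51122 ssh2
Jul  3 09:30:41 cucm-pub sshd[5310]: Accepted password for admin from 10.20.0.15 port 40022 ssh2
Jul  4 11:02:13 cucm-sub1 sshd[812]: Accepted publickey for root from 10.20.0.15 port 40410 ssh2
""".splitlines()

if __name__ == "__main__":
    for f in root_logins(SAMPLE):
        tag = "ALERT" if f["outside_admin_nets"] else "review"
        print(f"{tag}: root login on {f['host']} at {f['time']} from {f['src']} ({f['method']})")
```

Every root login it reports deserves review, since the fix removes the account; the ones from outside the management networks are the priority.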
How can Barracuda protect you against this threat?
Barracuda has introduced Managed Vulnerability Security, a fully managed service designed to proactively detect and prioritize vulnerabilities across servers, endpoints, network devices, and cloud infrastructure. This service helps identify unpatched servers and misconfigurations before exploitation can occur.
When combined with Barracuda Managed XDR, it enables a defense-in-depth strategy, closing security gaps while also identifying suspicious login events and lateral movement. This unified approach—integrating vulnerability scanning with XDR’s detection engine—helps organizations stay ahead of advanced threats, reduce vendor complexity, and strengthen their overall security posture.
References
For more in-depth information about the recommendations, please visit the following links:
- https://www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/
- https://nvd.nist.gov/vuln/detail/CVE-2025-20309
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.