This posting is here to collect cyber security news in July 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in July 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
1 Comment
Tomi Engdahl says:
Cisco warns that Unified CM has hardcoded root SSH credentials
https://www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges.
Cisco Unified Communications Manager (CUCM), formerly known as Cisco CallManager, serves as the central control system for Cisco’s IP telephony systems, handling call routing, device management, and telephony features.
The vulnerability (tracked as CVE-2025-20309) was rated as maximum severity, and it is caused by static user credentials for the root account, which were intended for use during development and testing.