Cisco has addressed a critical security vulnerability (CVE-2025-20309) in its Unified Communications Manager software, which allowed unauthenticated remote access due to static root account credentials that cannot be changed or deleted. The flaw was discovered during internal testing, and affected users are advised to update their systems or apply a provided patch, as exploitation indicators have been identified in system logs.