Cisco has patched a serious remote code execution vulnerability (CVE-2026-20045) in its Unified Communications and Webex Calling products, which has been actively exploited in attacks. The flaw allows attackers to gain elevated access on affected systems through crafted HTTP requests. Users are urged to update their software as there are no effective workarounds.

Cisco has announced a critical vulnerability, tracked as CVE-2025-20337, in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allows unauthenticated remote attackers to gain root access through arbitrary code execution. The vulnerability has a maximum CVSS score of 10, and Cisco has released patches to address it along with related vulnerabilities disclosed in June. Customers are urged to upgrade to the latest software versions to mitigate the risk.

Cisco has addressed a critical security vulnerability (CVE-2025-20309) in its Unified Communications Manager software, which allowed unauthenticated remote access due to static root account credentials that cannot be changed or deleted. The flaw was discovered during internal testing, and affected users are advised to update their systems or apply a provided patch, as exploitation indicators have been identified in system logs.