- 153/2025
- Critical
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, gain elevated privileges, execute arbitrary commands, and gain access to the affected system.
Sample of addressed vulnerabilities:
1. Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Cisco Spaces Connector Privilege Escalation Vulnerability (CVE-2025-20308):
- CVSS: 6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privilege
The Affected Products:
- Cisco Unified CM and Unified CM SME Engineering Special (ES) releases 15.0.1.13010-1 through 15.0.1.13017-1.
- Cisco Spaces Connector.
- Cisco ECE.
- Cisco BroadWorks Application Delivery Platform.
Vulnerabilities
- CVE-2025-20307
- CVE-2025-20308
- CVE-2025-20309
- CVE-2025-20310
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.