Cisco has issued security patches to remedy a critical security issue in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that may enable an intruder to access an affected device as the root user, granting them increased privileges. The weakness, identified as CVE-2025-20309, holds a CVSS rating.