Cisco patched a critical vulnerability (CVE-2025-20309, CVSS 10) in Unified CM and CM SME that allowed root access via unchangeable static credentials. Affected versions span 15.0.1.13010-1 to 15.0.1.13017-1, with no evidence of active exploitation. Cisco also fixed three medium-severity flaws in other products.