The networking equipment major said it found no evidence of the flaw being exploited in the wild, and that it was discovered during internal security testing.
CVE-2025–20309 affects Unified CM and Unified CM SME versions 15.0.1.13010–1 through 15.0.1.13017–1, irrespective of device configuration.