A critical unauthenticated vulnerability in Cisco Unified Communications Manager (Unified CM) allows attackers to remotely forge server requests and write arbitrary files to the operating system, ultimately gaining root-level control without any credentials. Organizations running Unified CM Release 14 prior to 14SU6 or Release 15 prior to 15SU5 with WebDialer enabled are at immediate risk, particularly if the system is internet-facing. With public exploit code available, CISA guidance recommends prioritizing patching within 24-48 hours for unauthenticated RCE vulnerabilities of this severity.