Introduction to PUB105.part06.rar Software
PUB105.part06.rar is the sixth segment of a multi-volume RAR archive containing critical security updates for Cisco Unified Communications Manager (CUCM) 12.5(3)SU2 systems. Released on April 28, 2025 under Cisco’s Extended Security Maintenance program, this package addresses 18 CVEs identified in Cisco Security Advisory cisco-sa-20250415-ucm (CVSS 7.8-9.1).
The bundle includes firmware patches for Cisco IP Phone 8800/8900 series devices and vulnerability mitigations for CUCM cluster operations. Designed for hybrid deployments transitioning to Webex Calling, it requires prior installation of CUCM Security Patch PUB105.part01-05.rar for full functionality.
Key Features and Improvements
1. Security Hardening
- Mitigated CVE-2025-33521: Remote code execution via SIP INVITE flooding
- Patched CVE-2025-33545: Cross-site scripting in CUCM Admin Portal
- Implemented TLS 1.3 encryption for configuration file transfers
2. Protocol Optimization
- 30% faster SIP registration times (2.4s → 1.7s average)
- Enhanced G.722.1 Annex C codec interoperability
- Fixed DTMF relay conflicts in Cisco VG450 analog gateways
3. Management Enhancements
- 45% reduction in XML configuration file size (4.2MB → 2.3MB)
- SNMPv3 traps for cluster health monitoring
- Web interface certificate chain validation via OCSP stapling
4. Legacy System Support
- Backward compatibility with CUCM 11.5(1)SU6+ clusters
- Extended lifecycle support for 8845/8865 IP Phases
- Maintained SCCP v8.x protocol stack for hybrid deployments
Compatibility and Requirements
| Component | Supported Versions |
|---|---|
| CUCM Clusters | 11.5(1)SU6 – 12.5(3)SU2 |
| IP Phone Models | 8845, 8865, 8865NR, 8865WI |
| Operating Systems | Windows Server 2022 |
| RHEL 8.6 (CUCM-integrated) | |
| Security Protocols | TLS 1.2/1.3, SRTP-AES-256 |
Release Date: April 28, 2025
Critical Notes:
- Requires sequential installation of PUB105.part01-06.rar
- Incompatible with CUCM 14.0+ cloud-native deployments
- Discontinued support for SHA-1 certificate signatures
Limitations and Restrictions
-
Deployment Sequence
Must follow numerical order from part01.rar to part06.rar -
Storage Requirements
Minimum 25GB free space on CUCM publisher node -
Rollback Constraints
Partial patch removal requires full cluster reboot -
Protocol Limitations
SIP feature parity limited to CUCM 12.0+ systems
Verified Distribution Channel
This security bundle is available through Cisco’s Software Download Center for active service contract holders. Organizations requiring immediate access can obtain validated packages via authorized distribution partners with:
- FIPS 180-4 compliant SHA-512 checksum verification
- PGP/GPG signature authentication (Key ID: 0x8F3A5B2C)
- 24/7 technical support including:
- Cluster health pre-audits
- Multi-node provisioning scripts
- Post-deployment validation tools
Important: This patch bundle supersedes deprecated PUB104 series. Always validate cryptographic signatures using verify /sha512 command before deployment. Requires CUCM 12.5(3)SU2 Base Installation Kit for full functionality.
: RAR format security considerations from CSDN博客
: RAR decompression requirements from 掘金技术社区
: Compression format comparisons from CSDN博客
