Cisco has recently released security updates for several of its software products, addressing a series of vulnerabilities that could affect the security and stability of network infrastructures and collaboration tools.
These updates target issues ranging from denial-of-service (DoS) attacks and privilege escalation to cross-site scripting and command injection. The most urgent updates that should be applied as soon as possible address two high-severity vulnerabilities:
- A high-severity DoS vulnerability (CVE-2025-20152) in Cisco Identity Services Engine (ISE), in which custom RADIUS requests could cause the device to reload, disrupting network operations.
- A severe privilege escalation flaw (tracked as CVE-2025-20113 and CVE-2025-20114) in Cisco Unified Intelligence Center, which could allow regular users to escalate to root-level administrator privileges.
In addition to these high-severity issues, Cisco has patched several medium-severity vulnerabilities in other products. These include cross-site scripting (XSS) flaws in Cisco Webex services, which could allow an attacker who persuades a user to follow a malicious link to execute harmful scripts in that user's browser. Webex Meetings was also affected by a cache poisoning vulnerability, in which malicious HTTP requests could manipulate cached responses, potentially causing users to receive incorrect or malicious data during meetings. In the Duo Self-Service Portal, Cisco resolved a command injection vulnerability that could allow an unauthenticated attacker to inject malicious commands into emails sent by the service, potentially leading to email-based attacks or system compromise.
Affected cloud software applications include:
- Cisco Identity Services Engine (ISE)
- Cisco Unified Intelligence Center
- Cisco Webex Services
- Cisco Webex Meetings
- Cisco Secure Network Analytics Manager
- Cisco Duo Self-Service Portal
- Cisco Unified Communications Products
- Cisco Unified Contact Center Enterprise Cloud Connect
For a full list of vulnerabilities and detailed remediation steps, visit Cisco’s official security advisories page.