Cisco plugs security holes in several products, including critical ones
Cisco has discovered security vulnerabilities in several products and warns about them in security notifications. Updates are available.
Cisco has published eight security bulletins in which the company addresses vulnerabilities in several products. At least one vulnerability is considered a critical risk by the developers. IT administrators should plan to install the available updates as soon as possible.
The most serious vulnerabilities are in Cisco's Identity Services Engine (ISE). Due to insecure deserialization of data in the API, attackers with read-only admin access can inject arbitrary commands and escalate their privileges (CVE-2025-20124, CVSS 9.9, risk “critical”). In addition, due to insufficient authorization checks in the API, malicious actors with read rights can read sensitive information, change configurations or restart the node (CVE-2025-20125, CVSS 9.1, critical).
High-risk vulnerabilities in IOS
Attackers can also launch denial-of-service attacks against vulnerable devices running Cisco's IOS, IOS XE and IOS XR. The cause is several vulnerabilities in the Simple Network Management Protocol (SNMP) subsystem of the software. Authenticated attackers can trigger a DoS over the network (CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20172, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176, all CVSS 7.7, high; CVE-2025-20172 in IOS XR in particular is rated CVSS 4.3, medium).
For all of these vulnerabilities, Cisco states that it had no knowledge of any exploitation by attackers at the time of reporting.
The security advisories, which include notes on the updated software, are listed here in descending order of severity:
- Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities (CVSS 9.9, critical)
- Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities (CVSS 7.7, high)
- Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities (CVSS 6.5, medium)
- Cisco Expressway Series Cross-Site Scripting Vulnerability (CVSS 6.1, medium)
- Cisco Secure Web Appliance Range Request Bypass Vulnerability (CVSS 5.8, medium)
- Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities (CVSS 4.8, medium)
- Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability (CVSS 4.8, medium)
- Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability (CVSS 4.3, medium)
IT managers should check whether they have vulnerable products in use and apply the updates quickly.
Around two weeks ago, Cisco had already patched critical vulnerabilities in Meeting Management as well as other vulnerabilities in Broadworks and ClamAV.
(dmk)