Cisco: High-risk gaps in Meraki and Enterprise Chat
Cisco warns of high-risk security vulnerabilities in Meraki VPN and Enterprise Chat and Email.

Vulnerabilities threaten Cisco devices.
(Image: Created with AI in Bing Designer by heise online / dmk)
Cisco's developers have found high-risk security vulnerabilities in the AnyConnect VPN software of the Meraki MX and Z series and in Enterprise Chat and Email. Updated firmware and software are available to close them; admins should install them promptly.
With valid VPN credentials, malicious actors can provoke a denial of service (DoS) in the AnyConnect VPN service of Cisco's Meraki MX and Z devices, the manufacturer explains in a security announcement. The cause is a variable that is not initialized when an SSL VPN session is established, which allows attackers to pass manipulated attributes. This can lead to a restart of the service, which also affects other VPN sessions (CVE-2025-20212, CVSS 7.7, risk "high").
Cisco lists the affected devices in the security advisory. Updates are available for the individual firmware branches: versions 18.107.12 (for the 18.1 branch), 18.211.4 (for 18.2 firmware) and 19.1.4 close the security holes. Firmware prior to 16.2 is not vulnerable; installations on 16.2 and 17 should migrate to the fixed development branches.
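An admin with a fleet of MX and Z appliances usually wants to check an inventory against the fixed releases rather than eyeball each device. The following script is an added example, not Cisco's or heise's code: it takes the fixed versions (18.107.12, 18.211.4, 19.1.4) and the "prior to 16.2 is unaffected" rule from the text above, and assumes that the 18.1 branch corresponds to 18.1xx version numbers and the 18.2 branch to 18.2xx, as the quoted version numbers suggest. The device names and version strings in the inventory are constructed sample input.

```python
"""Classify Meraki MX/Z firmware versions against the CVE-2025-20212 fixed releases.

Added example (not Cisco's code). Fixed versions and the 16.2 cutoff come from the
advisory summary; the branch mapping 18.1xx -> "18.1", 18.2xx -> "18.2" is an assumption.
"""
from __future__ import annotations

# Fixed releases per firmware branch, as quoted in the advisory summary.
FIXED_BY_BRANCH: dict[str, tuple[int, ...]] = {
    "18.1": (18, 107, 12),
    "18.2": (18, 211, 4),
    "19": (19, 1, 4),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '18.107.12' into (18, 107, 12); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def branch_of(version: tuple[int, ...]) -> str | None:
    """Map a parsed version onto the advisory's branch labels.

    Assumption: 18.1xx belongs to the 18.1 branch, 18.2xx to the 18.2 branch,
    and every 19.x release to the 19 branch. Anything else is not covered here.
    """
    major = version[0]
    minor = version[1] if len(version) > 1 else 0
    if major == 18:
        if 100 <= minor < 200:
            return "18.1"
        if 200 <= minor < 300:
            return "18.2"
        return None
    if major == 19:
        return "19"
    return None


def classify(text: str) -> str:
    """Return the patch status of one firmware version string."""
    version = parse_version(text)
    major = version[0]
    minor = version[1] if len(version) > 1 else 0
    if (major, minor) < (16, 2):
        return "not vulnerable"              # firmware prior to 16.2
    if major in (16, 17):
        return "migrate to a fixed branch"   # 16.2 and 17 have no fix of their own
    branch = branch_of(version)
    if branch is None:
        return "not covered by this summary; check the advisory"
    fixed = FIXED_BY_BRANCH[branch]
    if version >= fixed:                     # tuple comparison: (18,107,12) >= (18,107,12)
        return f"fixed ({branch} branch)"
    return "vulnerable: update to " + ".".join(map(str, fixed))


def audit(inventory: dict[str, str]) -> list[tuple[str, str, str]]:
    """Classify every device in a {name: firmware} mapping; unparseable entries are flagged."""
    report = []
    for name, fw in sorted(inventory.items()):
        try:
            status = classify(fw)
        except ValueError as exc:
            status = f"error: {exc}"
        report.append((name, fw, status))
    return report


# Constructed sample inventory (device names and versions are made up).
SAMPLE_INVENTORY = {
    "branch-mx68": "18.107.10",
    "hq-mx250": "18.211.4",
    "lab-z3": "15.44",
    "remote-z4": "17.10.2",
    "dc-mx450": "19.1.3",
}

if __name__ == "__main__":
    for name, fw, status in audit(SAMPLE_INVENTORY):
        print(f"{name:12} {fw:10} {status}")
```

Devices reported as "vulnerable" name the exact fixed release for their branch, so the output can be handed straight to whoever schedules the firmware upgrade; devices on 16.2 or 17 need a branch migration rather than a point release.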
Security vulnerability in Cisco Enterprise Chat and Email
In Cisco's Enterprise Chat and Email (ECE), unauthenticated attackers from the network can provoke a denial of service. According to Cisco's warning, this is due to insufficient validation of user-submitted data at chat entry points. By sending manipulated requests, malicious actors can paralyze the chat service, which does not recover automatically but requires a restart by admins (CVE-2025-20139, CVSS 7.5, risk "high").
Cisco provides ECE 12.6 ES 10 as the software update intended to fix the vulnerability. Anyone running software version 12.5 or older should nevertheless update to this version.
Cisco has also updated the security report on critical vulnerabilities in the Smart Licensing Utility and added the cyberattacks observed in the wild.
(dmk)