- 29/2025
- Critical
Cisco has released security updates to fix multiple vulnerabilities affecting several Cisco products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform cross-site scripting attacks, obtain sensitive information, conduct denial of services attacks, execute arbitrary commands, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Cisco Identity Services Engine Command Execution Vulnerability (CVE-2025-20124):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Cisco Identity Services Engine Security Bypass Vulnerability (CVE-2025-20125):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Security Bypass
Sample of the affected products:
- Cisco ISE and Cisco ISE Passive Identity Connector.
- Cisco IOS/ IOS XE/IOS XR Software.
- Cisco Secure Web Appliance.
- Cisco Expressway Control (Expressway-C) and Cisco Expressway Edge (Expressway-E) devices.
Vulnerabilities
- CVE-2025-20125
- CVE-2025-20124
- CVE-2024-20397
- CVE-2025-20169
- CVE-2025-20170
- CVE-2025-20171
- CVE-2025-20172
- CVE-2025-20173
- CVE-2025-20174
- CVE-2025-20175
- CVE-2025-20176
- CVE-2025-20183
- CVE-2025-20204
- CVE-2025-20205
- CVE-2025-20179
- CVE-2025-20180
- CVE-2025-20207
- CVE-2025-20184
- CVE-2025-20185
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.