- 51/2025
- High
Cisco has released security updatesto fix multiple vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, or execute arbitrary commands and gain access to the affected product by sending a crafted IPC message to a specific Cisco Secure Client process.
The addressed vulnerabilities:
1. Cisco Secure Client for Windows with Secure Firewall Posture Engine DLL Hijacking Vulnerability (CVE-2025-20206):
- CVSS: 7.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability (CVE-2025-20208):
- CVSS: 4.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
The affected products:
- Cisco TMS Release 15.13.6.
- Cisco Secure Client for Windows.
Vulnerabilities
- CVE-2025-20206
- CVE-2025-20208
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.