Cisco Security Updates – 03 April 2025

By /
  • 70/2025
  • High

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.

The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks or perform denial of service attacks on the affected product.

Sample of the addressed vulnerabilities:

1. Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service Vulnerability (CVE-2025-20212):

  • CVSS: 7.7
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Denial of Service

2. Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability (CVE-2025-20120):

  • CVSS: 6.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Consequences: Cross-Site Scripting

Affected Products:

  • Cisco Evolved Programmable Network Manager.
  • Cisco Prime Infrastructure.
  • Cisco Enterprise Chat and Email.
  • Cisco Meraki MX and Z Series AnyConnect VPN.
Vulnerabilities
  • CVE-2025-20212
  • CVE-2025-20139
  • CVE-2025-20120
  • CVE-2025-20203
  • CVE-2024-20439
  • CVE-2024-20440
  • CVE-2024-20475
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Cisco Security Updates

References

Cisco Security Updates