- 96/2025
- Critical
Cisco has released security updates to fix multiple vulnerabilities affecting several Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, upload arbitrary files, conduct cross-site request forgery (CSRF) attacks, read and modify the outgoing proxy configuration settings, perform cross-site scripting attacks, bypass security restrictions, conduct command injection attacks, escalate privileges, or execute arbitrary code and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability (CVE-2025-20188):
- CVSS: 10.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain access
2. Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability (CVE-2025-20182):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of affected products:
- Cisco Embedded Wireless Controller on Catalyst APs.
- Cisco IOS and IOS XE Software.
- Cisco Catalyst SD-WAN Manager.
- Cisco Catalyst Center.
- Cisco Adaptive Security Appliance (ASA) Software.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.