- 124/2025
- Critical
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, bypass security restrictions, obtain sensitive information, manipulate data, gain elevated privileges, conduct denial of service attacks, or execute arbitrary code and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability (CVE-2025-20286):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Cisco Integrated Management Controller Privilege Escalation Vulnerability (CVE-2025-20261):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Sample of the affected products:
- Cisco Meraki MX firmware releases (MX64, MX64, MX68W).
- Cisco Unified Intelligent Contact Management Enterprise 15.0(1) and earlier.
- Cisco ISE and Cisco ISE-PIC.
- Cisco ThousandEyes Endpoint Agent for Windows.
- Cisco ISE AWS Platform releases (3.1, 3.2, 3.3, and 3.4).
Vulnerabilities
- CVE-2025-20129
- CVE-2025-20273
- CVE-2025-20130
- CVE-2025-20259
- CVE-2025-20275
- CVE-2025-20276
- CVE-2025-20277
- CVE-2025-20279
- CVE-2025-20278
- CVE-2025-20261
- CVE-2025-20163
- CVE-2025-20286
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.