- 203/2025
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, perform cross-site request forgery attacks, obtain sensitive information, or bypass security restrictions to the affected product.
Sample of addressed vulnerabilities:
1. Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Denial of Service Vulnerability (CVE-2025-20222):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. Cisco IOS XR Software Image Verification Bypass Vulnerability (CVE-2025- 20248):
- CVSS: 6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass security
Sample of the affected products:
- Cisco Unified CM.
- Cisco Firepower.
- Cisco EPNM.
- Cisco Prime Infrastructure.
- Cisco Webex Meetings.
Vulnerabilities
- CVE-2025-20326
- CVE-2025-20287
- CVE-2025-20270
- CVE-2025-20280
- CVE-2025-20330
- CVE-2025-20335
- CVE-2025-20336
- CVE-2025-20291
- CVE-2025-20328
- CVE-2025-20127
- CVE-2025-20222
- CVE-2025-20159
- CVE-2025-20340
- CVE-2025-20248
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.