- 87/2025
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, collect sensitive information, or execute arbitrary commands and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Cisco Webex App Client-Side Remote Code Execution Vulnerability (CVE-2025-20236):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Cisco Secure Network Analytics Privilege Escalation Vulnerability (CVE-2024-20440):
- CVSS: 6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: high
- User Interaction: None
- Consequences: Gain Privileges
Sample of the affected products:
- Cisco Webex App Release 44.6 and 44.7.
- Cisco Smart Licensing Utility Release 2.0.0, 2.1.0 and 2.2.0.
Vulnerabilities
- CVE-2024-20439
- CVE-2024-20440
- CVE-2024-20397
- CVE-2025-20150
- CVE-2025-20178
- CVE-2025-20236
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.