- 137/2025
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the remote attacker to conduct denial of service attacks by sending a sequence of crafted HTTPS requests or submitting a crafted file containing UDF content to be scanned by ClamAV on the affected systems.
Sample of addressed vulnerabilities:
Cisco Meraki MX firmware and Cisco AnyConnect VPN Denial of Service Vulnerability (CVE-2025-20271):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Cisco Meraki MX firmware releases (MX100,vMX, vMX, …).
- Cisco AnyConnect VPN on Cisco Meraki MX and Cisco Meraki Z Series devices.
- Secure Endpoint Connector for Linux, Mac, Windows, and Private Cloud.
Vulnerabilities
- CVE-2025-20271
- CVE-2025-20234
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.