- 111/2025
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, manipulate files, escalate privileges, conduct denial of service attacks, or execute arbitrary code and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Cisco Identity Services Engine RADIUS Denial of Service Vulnerability (CVE- 2025-20152):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. Cisco Unified Intelligence Center Privilege Escalation Vulnerability (CVE-2025-20113):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Sample of the affected products:
- Cisco Unified CCE Cloud Connect.
- Cisco Unified Communications.
- Contact Center Solutions.
- Cisco Duo self-service portal.
- Cisco ISE.
- Cisco Secure Network Analytics Manager.
Vulnerabilities
- CVE-2025-20242
- CVE-2025-20112
- CVE-2025-20258
- CVE-2025-20267
- CVE-2025-20257
- CVE-2025-20256
- CVE-2025-20255
- CVE-2025-20246
- CVE-2025-20247
- CVE-2025-20250
- CVE-2025-20113
- CVE-2025-20114
- CVE-2025-20152
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.