- 20/2025
- Critical
Cisco has released security updates to fix multiple vulnerabilities affecting several Cisco products.
The addressed vulnerabilities could allow the attacker to conduct denial of services attacks, bypass security restrictions, perform cross-site scripting attacks, obtain sensitive information, or gain elevated privileges and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Cisco Meeting Management REST API Privilege Escalation Vulnerability (CVE-2025-20156):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Privilege Escalation
2. Cisco BroadWorks SIP Denial of Service Vulnerability (CVE-2025-20165):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Cisco Meeting Management.
- Cisco BroadWorks.
- Cisco ThousandEyes Endpoint Agents.
- Cisco Crosswork Network Controller.
- Cisco CSPC
Vulnerabilities
- CVE-2025-20156
- CVE-2025-20165
- CVE-2025-20128
- CVE-2025-20126
- CVE-2025-20123
- CVE-2024-20397
- CVE-2025-20166
- CVE-2025-20167
- CVE-2025-20168
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.