- 47/2025
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, obtain sensitive information, perform denial of services attacks, bypass security restrictions, or execute arbitrary commands and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics Denial of Service Vulnerability (CVE-2025-20111):
- CVSS: 7.4
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial Of Service
2. Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability (CVE-2025-20211):
- CVSS: 6.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
Sample of the affected products:
- Nexus 3100 Series Switches.
- Nexus 9400 Series Switches in standalone NX-OS mode.
- Cisco BroadWorks Application Delivery Platform.
- Cisco APIC.
- Cisco Secure Email Gateway.
Vulnerabilities
- CVE-2025-20111
- CVE-2025-20161
- CVE-2025-20116
- CVE-2025-20117
- CVE-2025-20118
- CVE-2025-20119
- CVE-2025-20158
- CVE-2025-20153
- CVE-2025-20211
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.