- 239/2025
- Critical
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to conduct denial-of-service attacks, upload arbitrary files, bypass authentication, perform reflected cross-site scripting attacks, elevate privileges to root, obtain sensitive information, or
execute arbitrary commands/codes and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Cisco Unified Contact Center Express Remote Code Execution Vulnerability (CVE-2025-20354):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability (CVE-2025-20343):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Cisco Unified Contact Center Express (Unified CCX).
- Cisco Identity Services Engine (ISE).
- Cisco Unified Intelligence Center (CUIC).
- Cisco ISE Passive Identity Connector (ISE‑PIC).
Vulnerabilities
- CVE-2025-20354
- CVE-2025-20358
- CVE-2025-20343
- CVE-2025-20289
- CVE-2025-20303
- CVE-2025-20304
- CVE-2025-20305
- CVE-2025-20377
- CVE-2025-20374
- CVE-2025-20375
- CVE-2025-20376
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.