- 274/2025
- Critical
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, obtain sensitive information, or execute arbitrary commands and gain access to the affected product.
Sample of addressed vulnerabilities:
1. Cisco Multiple Products Improper Input Validation Vulnerability (CVE-2025- 20393):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Improper Neutralization of Input During Web Page Generation Vulnerability (CVE-2025-20303):
- CVSS: 5.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
The Affected Products:
- Cisco AsyncOS Software.
- Cisco Secure Email Gateway.
- Cisco Secure Email.
- Web Manager.
- Cisco Identity Services Engine (ISE).
- Cisco ISE Passive Identity Connector (ISE-PIC).
It should be highlighted that the zero-day vulnerability identified as “CVE-2025- 20393” has not yet been patched. Apply Cisco’s official recommendations for mitigation and risk reduction.
Vulnerabilities
- CVE-2025-20393
- CVE-2025-20289
- CVE-2025-20303
- CVE-2025-20304
- CVE-2025-20305
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.