Cisco Family February 2025 First Round Security Update Advisory

Overview

 

Cisco(https://www.cisco.com) has released a security update that fixes vulnerabilities in products it has been made. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Cisco NX-OS Software

 

Resolved Vulnerabilities

 

Vulnerability in Cisco NX-OS Software due to insufficient Ethernet frame handling, allowing denial of service (CVE-2025-20111, CVSS 7.4) [1]

Vulnerability in Cisco NX-OS Software due to insufficient data validation, allowing arbitrary command execution (CVE-2025-20161, CVSS 5.1) [2]

 

Vulnerability Patches

 

Product-specific Vulnerability Patches were made available in the 02/27/2025 update. Please refer to the ‘Affected Products’ and ‘Fixed Software’ in the product-specific information in the Referenced Sites below to apply the patches.

 

Referenced Sites

 

[1] Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics Denial of Service Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k-healthdos-eOqSWK4g

[2] Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ici-dpOjbWxk