Security Advisory

Cisco Product Security Update Advisory

  • May 09 2025
Cisco Product Security Update Advisory

Overview

 

Cisco has released security updates that address vulnerabilities in Cisco products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-20236

 

Cisco Webex App Version: 44.6
Cisco Webex App Version: 44.7

 

 

CVE-2025-20212

 

Cisco Meraki MX Firmware Version: 16.2
Cisco Meraki MX Firmware Version: 17
Cisco Meraki MX Firmware Version: 18.1
Cisco Meraki MX Firmware Version: 18.2
Cisco Meraki MX Firmware Version: 19.1

 

 

CVE-2025-20139

 

Cisco Enterprise Chat and Email (ECE) Version: 12.5 and earlier
Cisco Enterprise Chat and Email (ECE) Version: 12.6

 

 

Resolved Vulnerabilities

 

URL parser vulnerability that allows remote attackers to download arbitrary files (CVE-2025-20236)
Vulnerability that could allow an authenticated remote attacker to cause a denial of service (CVE-2025-20212)
Improper validation of user input that could cause a denial of service (CVE-2025-20139)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

 

CVE-2025-20236

 

Cisco Webex App version: 44.6.2.30589
Cisco Webex App version: migrated to a fixed release (44.8 and later)

 

 

CVE-2025-20212

 

Cisco Meraki MX firmware version: migrate to a fixed release (18.107.12 and later)
Cisco Meraki MX Firmware Version: 18.107.12
Cisco Meraki MX Firmware Version: 18.211.4
Cisco Meraki MX firmware version: 19.1.4

 

 

CVE-2025-20139

 

Cisco Enterprise Chat and Email (ECE) version: migrate to a Fixed Release (12.6 ES 10)
Cisco Enterprise Chat and Email (ECE) Version: 12.6 ES 10

 

 

References

[1] Cisco Webex App Client-Side Remote Code Execution Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC
[2] Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb
[3] Cisco Enterprise Chat and Email Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8

Tags:
Previous Post

Next Post