Cisco Product Security Update Advisory
Overview
Cisco has released security updates that address vulnerabilities in Cisco products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-20341
Cisco Catalyst Center version: 2.3.7.3-VA and later, 2.3.7.10-VA and earlier
CVE-2025-20343
Cisco ISE Version: 3.4
CVE-2025-20349
Cisco Catalyst Center version: 2.3.7 and earlier
CVE-2025-20354, CVE-2025-20358, CVE-2025-20375, CVE-2025-20376
Cisco Unified CCX Version: 12.5 SU3 and earlier
Cisco Unified CCX version: 15.0
Resolved Vulnerabilities
Privilege Escalation Vulnerability in Cisco Catalyst Center (CVE-2025-20341)
Denial of Service Vulnerability in Cisco Identity Services Engine (CVE-2025-20343)
Command Injection Vulnerability in Cisco Catalyst Center (CVE-2025-20349)
Remote Code Execution Vulnerability in Cisco Unified Contact Center Express (CVE-2025-20354)
Edit Function Authentication Bypass Vulnerability in Cisco Unified Contact Center Express (CVE-2025-20358)
Arbitrary File Upload Vulnerability in Cisco Unified Contact Center Express (CVE-2025-20375)
Remote Code Execution Vulnerability in Cisco Unified Contact Center Express (CVE-2025-20376)
Vulnerability Patches
Vulnerability patches are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-20341
Cisco Catalyst Center version: 2.3.7.10-VA
CVE-2025-20343
Cisco ISE Version: 3.4 Patch 4
CVE-2025-20349
Cisco Catalyst Center Version: 2.3.7.10
CVE-2025-20354, CVE-2025-20358, CVE-2025-20375, CVE-2025-20376
Cisco Unified CCX Version: 12.5 SU3 ES07
Cisco Unified CCX Version: 15.0.ES01
References
[1] Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-es..
[2] Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupre..
[3] Cisco Catalyst Center REST API Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ci-ZWLQ..
[4] Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rc..
[5] Multiple Cisco Contact Center Products Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln..