High-Severity Vulnerabilities Patched by Cisco, Atlassian

High-Severity Vulnerabilities Patched by Cisco, Atlassian

Posted on By CWS

Cisco and Atlassian on Wednesday introduced the rollout of patches for a number of high-severity vulnerabilities of their merchandise, many resulting in denial-of-service (DoS) situations.

Cisco launched firmware updates for Meraki gadgets to resolve a high-severity flaw permitting attackers to trigger the AnyConnect VPN server on these merchandise to restart, resulting in a DoS situation. Tracked as CVE-2025-20271 (CVSS rating of 8.6), the bug could be exploited remotely.

“This vulnerability is because of variable initialization errors when an SSL VPN session is established. […] A sustained assault may forestall new SSL VPN connections from being established, successfully making the Cisco AnyConnect VPN service unavailable for all reliable customers,” Cisco explains.

The safety defect impacts roughly two dozen Meraki MX and Meraki Z gadgets and was resolved in Meraki MX firmware variations 18.107.13, 18.211.6, and 19.1.8.

The corporate additionally rolled out fixes for a DoS bug within the Common Disk Format (UDF) processing of ClamAV. Tracked as CVE-2025-20234, it may be exploited by submitting crafted recordsdata containing UDF content material to the ClamAV, the corporate notes.

Cisco says it isn’t conscious of any of those vulnerabilities being exploited within the wild, however customers are suggested to use the obtainable patches as quickly as potential.

Atlassian introduced patches for 5 vulnerabilities in third-party dependencies in Bamboo, Bitbucket, Confluence, Crowd, and Jira.

These embrace CVE-2025-22228 (an improper authorization in Spring), CVE-2025-24970 (a DoS flaw within the Netty framework), CVE-2024-38816 (a path traversal associated to the WebMvc.fn and WebFlux.fn internet frameworks), CVE-2024-57699 (a DoS bug in Netplex Json-smart), and CVE-2025-31650 (DoS in Apache Tomcat).Commercial. Scroll to proceed studying.

To resolve these points, Atlassian launched software program updates for Bamboo Information Middle and Server, Bitbucket Information Middle and Server, Confluence Information Middle and Server, Crowd Information Middle and Server, Jira Information Middle and Server, and Jira Service Administration Information Middle and Server.

Customers are suggested to replace their cases as quickly as potential, even when Atlassian makes no point out of any of those safety defects being exploited.

Associated: Essential Vulnerability Patched in Citrix NetScaler

Associated: Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Merchandise

Associated: Excessive-Severity Vulnerabilities Patched in Tenable Nessus Agent

Associated: Palo Alto Networks Patches Privilege Escalation Vulnerabilities

Security Week News Tags:, , , ,

Related Posts

Critical Chrome Vulnerability Earns Researcher ,000 Critical Chrome Vulnerability Earns Researcher $43,000 Security Week News
In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor Security Week News
Crunchbase Confirms Data Breach After Hacking Claims Crunchbase Confirms Data Breach After Hacking Claims Security Week News
ConnectWise Patches Critical Flaw in Automate RMM Tool ConnectWise Patches Critical Flaw in Automate RMM Tool Security Week News
‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics Security Week News
Security Firms Hit by Salesforce–Salesloft Drift Breach Security Firms Hit by Salesforce–Salesloft Drift Breach Security Week News