Cisco and Atlassian on Wednesday introduced the rollout of patches for a number of high-severity vulnerabilities of their merchandise, many resulting in denial-of-service (DoS) situations.
Cisco launched firmware updates for Meraki gadgets to resolve a high-severity flaw permitting attackers to trigger the AnyConnect VPN server on these merchandise to restart, resulting in a DoS situation. Tracked as CVE-2025-20271 (CVSS rating of 8.6), the bug could be exploited remotely.
“This vulnerability is because of variable initialization errors when an SSL VPN session is established. […] A sustained assault may forestall new SSL VPN connections from being established, successfully making the Cisco AnyConnect VPN service unavailable for all reliable customers,” Cisco explains.
The safety defect impacts roughly two dozen Meraki MX and Meraki Z gadgets and was resolved in Meraki MX firmware variations 18.107.13, 18.211.6, and 19.1.8.
The corporate additionally rolled out fixes for a DoS bug within the Common Disk Format (UDF) processing of ClamAV. Tracked as CVE-2025-20234, it may be exploited by submitting crafted recordsdata containing UDF content material to the ClamAV, the corporate notes.
Cisco says it isn’t conscious of any of those vulnerabilities being exploited within the wild, however customers are suggested to use the obtainable patches as quickly as potential.
Atlassian introduced patches for 5 vulnerabilities in third-party dependencies in Bamboo, Bitbucket, Confluence, Crowd, and Jira.
These embrace CVE-2025-22228 (an improper authorization in Spring), CVE-2025-24970 (a DoS flaw within the Netty framework), CVE-2024-38816 (a path traversal associated to the WebMvc.fn and WebFlux.fn internet frameworks), CVE-2024-57699 (a DoS bug in Netplex Json-smart), and CVE-2025-31650 (DoS in Apache Tomcat).Commercial. Scroll to proceed studying.
To resolve these points, Atlassian launched software program updates for Bamboo Information Middle and Server, Bitbucket Information Middle and Server, Confluence Information Middle and Server, Crowd Information Middle and Server, Jira Information Middle and Server, and Jira Service Administration Information Middle and Server.
Customers are suggested to replace their cases as quickly as potential, even when Atlassian makes no point out of any of those safety defects being exploited.
Associated: Essential Vulnerability Patched in Citrix NetScaler
Associated: Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Merchandise
Associated: Excessive-Severity Vulnerabilities Patched in Tenable Nessus Agent
Associated: Palo Alto Networks Patches Privilege Escalation Vulnerabilities
