Cisco on Wednesday announced patches for 35 vulnerabilities, 26 of them as part of its semiannual IOS and IOS XE security advisory bundled publication.
The IOS updates fix one critical-severity and 16 high-severity bugs. The critical issue, tracked as CVE-2025-20188 (CVSS score of 10/10), is described as an arbitrary file upload flaw in the Out-of-Band Access Point (AP) image download feature of IOS XE software.
A hard-coded JSON Web Token (JWT) allows attackers to upload files by sending crafted HTTP requests to the AP image download interface.
“A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges,” Cisco explains in its advisory.
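The weakness class behind the critical bug is worth seeing in code. The following is an added illustrative example and not Cisco's code or anything recovered from IOS XE: a minimal HS256 JWT signer and verifier built from the Python standard library, an upload endpoint that validates tokens against a key compiled into the image, and the hardened equivalent that generates its key on the device. `BUILT_IN_KEY`, the endpoint classes and the claim names are constructed placeholders. The point the example makes is that a key or token shipped identically in every image is, once extracted from any one copy of that image, usable against every device that runs it, which is why the flaw needs no credentials.

```python
"""Illustrative example (not Cisco's code): a token minted from a key baked into
every firmware image is equivalent to no authentication at all; the per-device fix."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional


def _b64url(data: bytes) -> str:
    # JWT segments are unpadded base64url.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_sign(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    tag = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(tag)}"


def jwt_verify(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the HS256 signature checks out under `key`, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, tag = parts
    try:
        hdr = json.loads(_b64url_decode(header))
        # Pin the algorithm: the token must never choose how it is verified.
        if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(tag)):
            return None
        return json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):
        return None


# Constructed placeholder, NOT a real value from any product. A key compiled into the
# image is the same on every unit, so extracting it once lets anyone mint valid tokens.
BUILT_IN_KEY = b"placeholder-key-shared-by-every-image"


class WeakUploadEndpoint:
    """Validates upload requests against the key shipped in the image (the flawed design)."""

    def __init__(self) -> None:
        self.key = BUILT_IN_KEY

    def accepts(self, token: str) -> bool:
        return jwt_verify(token, self.key) is not None


class HardenedUploadEndpoint:
    """Same check, but the key is generated on the device and never ships in an image."""

    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)  # per-device, created at first boot or setup

    def accepts(self, token: str) -> bool:
        return jwt_verify(token, self.key) is not None

    def issue(self, claims: dict) -> str:
        # Only tokens issued by this device validate on this device.
        return jwt_sign(claims, self.key)


def attacker_outcome() -> tuple:
    """An attacker who pulled BUILT_IN_KEY out of a firmware image forges an upload token.
    Returns (accepted_by_weak_endpoint, accepted_by_hardened_endpoint)."""
    forged = jwt_sign({"sub": "attacker", "scope": "ap-image-upload"}, BUILT_IN_KEY)
    return WeakUploadEndpoint().accepts(forged), HardenedUploadEndpoint().accepts(forged)


if __name__ == "__main__":
    print(attacker_outcome())  # (True, False)
```

The forged token is accepted by the weak endpoint because its signature is computed under the same key the endpoint checks against; nothing about the request identifies who made it. The hardened endpoint rejects it because the attacker's key does not match a key that exists only on that device. Rotating a hard-coded key in a later release does not help by itself, since the new key is again in every image; the key has to be generated or provisioned per device.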
While the security defect can be exploited remotely, without authentication, it only affects Wireless LAN Controllers (WLCs) that have the Out-of-Band AP image download feature enabled. By default, it is disabled.
The most severe of the high-severity vulnerabilities in the semiannual security bundle could allow remote attackers to inject commands, cause a denial of service (DoS) condition, or elevate their privileges.
While the command injection (CVE-2025-20186) and privilege escalation (CVE-2025-20164) flaws require authentication, the DoS issues (CVE-2025-20154, CVE-2025-20182, and CVE-2025-20162) can be exploited by unauthenticated attackers.
The remaining high-severity defects patched in IOS and IOS XE software could lead, under certain circumstances, to DoS, privilege escalation, or the execution of persistent code at boot time.
The semiannual security bundle also addresses medium-severity IOS software flaws that could be exploited to mount a cross-site request forgery (CSRF) attack, perform SNMP operations from denied sources, bypass traffic filters, read configuration or operational data, write arbitrary files to the system, remove arbitrary users, or cause a DoS condition.
On Wednesday, Cisco also announced fixes for high-severity bugs in the management API of Catalyst Center and the CLI of Catalyst SD-WAN Manager that could allow attackers to modify the outgoing proxy configuration settings and escalate privileges, respectively.
Several medium-severity vulnerabilities were also addressed with the Catalyst Center and Catalyst SD-WAN Manager updates.
Additionally, the tech giant announced that no patches will be released for CVE-2025-20137, a medium-severity bypass in the access control list (ACL) programming of Catalyst 1000 and Catalyst 2960L switches, because the vulnerable configuration is not supported.
“This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device,” Cisco says.
Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. However, it warns that proof-of-concept (PoC) code targeting two medium-severity issues (CVE-2025-20221, a traffic filter bypass in IOS XE SD-WAN; and CVE-2025-20147, an XSS flaw in Catalyst SD-WAN Manager) exists.
On Wednesday, Cisco also updated the list of products affected by the critical Erlang/OTP SSH security defect disclosed in mid-April, as well as the status of patches. Tracked as CVE-2025-32433 (CVSS score of 10) and exploitable without authentication, the flaw leads to remote code execution (RCE).
Users are advised to apply the available patches and workarounds as soon as possible. Additional information can be found on Cisco’s security advisories page.
Related: Cisco Patches 10 Vulnerabilities in IOS XR
Related: Vulnerabilities Patched in Atlassian, Cisco Products
Related: Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks
Related: Hackers Target Cisco Smart Licensing Utility Vulnerabilities