Cisco on Wednesday published 10 security advisories detailing over a dozen vulnerabilities across its products, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center.
The ISE bug, tracked as CVE-2025-20152, affects the RADIUS message processing feature and could be exploited remotely, without authentication, to cause ISE to reload, resulting in a denial of service (DoS) condition.
“This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA),” Cisco notes in its advisory.
The networking giant also resolved a high-severity issue in Unified Intelligence Center, tracked as CVE-2025-20113, that could allow an authenticated attacker to elevate their privileges to those of an administrator, for a limited set of functions on a vulnerable system.
“This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system,” Cisco explains.
The security defect was resolved alongside CVE-2025-20114, a medium-severity vulnerability that can be exploited for horizontal privilege escalation.
“This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack,” the advisory notes.
Medium-severity bugs were also resolved in Webex, Webex Meetings, Secure Network Analytics Manager, Secure Network Analytics Virtual Manager, ISE, Duo, Unified Communications and Contact Center Solutions, and Unified Contact Center Enterprise (CCE).
Successful exploitation of the security flaws could lead to XSS attacks, manipulated cached HTTP responses, arbitrary command execution, fraudulent findings in analytics reports, arbitrary command injection, privilege escalation, and data tampering.
Cisco says it isn’t aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on Cisco’s security advisories page.