High-Severity Vulnerabilities Patched by Cisco, Atlassian

High-Severity Vulnerabilities Patched by Cisco, Atlassian

Posted on By CWS

Cisco and Atlassian on Wednesday introduced the rollout of patches for a number of high-severity vulnerabilities of their merchandise, many resulting in denial-of-service (DoS) situations.

Cisco launched firmware updates for Meraki gadgets to resolve a high-severity flaw permitting attackers to trigger the AnyConnect VPN server on these merchandise to restart, resulting in a DoS situation. Tracked as CVE-2025-20271 (CVSS rating of 8.6), the bug could be exploited remotely.

“This vulnerability is because of variable initialization errors when an SSL VPN session is established. […] A sustained assault may forestall new SSL VPN connections from being established, successfully making the Cisco AnyConnect VPN service unavailable for all reliable customers,” Cisco explains.

The safety defect impacts roughly two dozen Meraki MX and Meraki Z gadgets and was resolved in Meraki MX firmware variations 18.107.13, 18.211.6, and 19.1.8.

The corporate additionally rolled out fixes for a DoS bug within the Common Disk Format (UDF) processing of ClamAV. Tracked as CVE-2025-20234, it may be exploited by submitting crafted recordsdata containing UDF content material to the ClamAV, the corporate notes.

Cisco says it isn’t conscious of any of those vulnerabilities being exploited within the wild, however customers are suggested to use the obtainable patches as quickly as potential.

Atlassian introduced patches for 5 vulnerabilities in third-party dependencies in Bamboo, Bitbucket, Confluence, Crowd, and Jira.

These embrace CVE-2025-22228 (an improper authorization in Spring), CVE-2025-24970 (a DoS flaw within the Netty framework), CVE-2024-38816 (a path traversal associated to the WebMvc.fn and WebFlux.fn internet frameworks), CVE-2024-57699 (a DoS bug in Netplex Json-smart), and CVE-2025-31650 (DoS in Apache Tomcat).Commercial. Scroll to proceed studying.

To resolve these points, Atlassian launched software program updates for Bamboo Information Middle and Server, Bitbucket Information Middle and Server, Confluence Information Middle and Server, Crowd Information Middle and Server, Jira Information Middle and Server, and Jira Service Administration Information Middle and Server.

Customers are suggested to replace their cases as quickly as potential, even when Atlassian makes no point out of any of those safety defects being exploited.

Associated: Essential Vulnerability Patched in Citrix NetScaler

Associated: Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Merchandise

Associated: Excessive-Severity Vulnerabilities Patched in Tenable Nessus Agent

Associated: Palo Alto Networks Patches Privilege Escalation Vulnerabilities

Security Week News Tags:, , , ,

Related Posts

Red Access Raises Million for Agentless Security Platform Red Access Raises $17 Million for Agentless Security Platform Security Week News
AI Emerges as the Hope—and Risk—for Overloaded SOCs AI Emerges as the Hope—and Risk—for Overloaded SOCs Security Week News
FireCompass Raises Million for Offensive Security Platform FireCompass Raises $20 Million for Offensive Security Platform Security Week News
US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than Billion in Bitcoin US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than $14 Billion in Bitcoin Security Week News
NMFTA Warns of Surge and Sophistication of Cyber-Enabled Cargo Theft NMFTA Warns of Surge and Sophistication of Cyber-Enabled Cargo Theft Security Week News
FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks Security Week News