Security Alert (A25-05-06): Multiple Vulnerabilities in Cisco Products


 

Published on: 09 May 2025

  
  

Description:

Cisco released security advisories to address multiple vulnerabilities in Cisco devices and software. For information about the vulnerabilities and the attacking vectors, please refer to the corresponding security advisories at the vendor's website.

 

Affected Systems:

  • Cisco 800, 1000, 1100, 4000 Series Integrated Services Routers
  • Cisco ASA Software
  • Cisco ASR 903 Aggregation Services Routers with RSP3C
  • Cisco Catalyst 1000, 2960-L, 2960CX, 2960X, 2960XR, 3560CX Series Switches
  • Cisco Catalyst 8200, 8300, 8500, 8500L Series Edge Platforms
  • Cisco Catalyst 9100 Family of Access Points
  • Cisco Catalyst 9800-CL Wireless Controllers for Cloud
  • Cisco Catalyst 9800 Series Wireless Controllers
  • Cisco Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches
  • Cisco Embedded Wireless Controller on Catalyst APs
  • Cisco FTD Software
  • Cisco IC3000 Industrial Compute Gateways
  • Cisco IE 2000, 4000, 4010, 5000 Series
  • Cisco IOS Software
  • Cisco IOS XE Software
  • Cisco IOS XE Software for WLCs
  • Cisco WLC AireOS Software

For detailed information of the affected products, please refer to the section "Affected Products" of corresponding security advisory at vendor's website.

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass or tampering of affected system.

 

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Fixed Software" of corresponding security advisory at vendor's website.

System administrators should contact their product support vendors for the fixes and assistance.

 

More Information:

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootstrap-KfgxYgdh
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catalyst-tls-PqnD5KEJ
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-insec-acc-mtt8EhEb
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-95Fqnf7b
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-netconf-nacm-bypass-TGZV9pmQ
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanarbfile-2zKhKZwJ
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpv3-qKEYvzsy
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-inj-GxVtK6zj
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-xhN8M5jt
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH
  • https://www.hkcert.org/security-bulletin/cisco-products-multiple-vulnerabilities_20250509
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20122
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20137
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20140
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20147
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20151
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20154 (to CVE-2025-20155)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20157
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20162
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20164
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20181 (to CVE-2025-20182)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20186 (to CVE-2025-20196)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20202
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20210
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20213 (to CVE-2025-20214)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20216
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20221
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20223


Tag: Cisco , Cisco ISR , Cisco ASA , ASR , Cisco Catalyst Switches , Cisco Catalyst AP , Cisco Embedded Wireless Controller , Cisco FTD , Cisco Industrial Compute Gateways , Cisco IOS , Cisco WLC
Tags