Security Alert (A25-11-07): Multiple Vulnerabilities in Cisco Products


 

Published on: 06 November 2025

Description:

Cisco has released security updates to address multiple vulnerabilities in several Cisco products or components. A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerabilities.

 

Affected Systems:

  • Cisco Identity Services Engine
  • Cisco Packaged Contact Center Enterprise (Packaged CCE)
  • Cisco Unified Contact Center Enterprise (Unified CCE)
  • Cisco Unified Contact Center Express (Unified CCX)
  • Cisco Unified Intelligence Center (CUIC)

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to remote code execution, denial of service, elevation of privilege, information disclosure or security restriction bypass on an affected system.

 

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Fixed Software" of corresponding security advisory at vendor's website.

System administrators should contact their product support vendors for the fixes and assistance.

 

More Information:

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20289
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20303 (to CVE-2025-20305)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20343
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20354
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20358
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20374 (to CVE-2025-20377)


Tag: Cisco , Cisco Identity Services Engine , Cisco PCCE , Cisco Unified Contact Center , Cisco Unified Intelligence Center
Tags