Published On: Nov 26, 2025 09:28
Advisory No: TZCERT-SA-25-0123
Source: Cisco
Software Affected: Cisco Unified CCX, Cisco Secure ASA, Cisco Secure FTD, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software
Multiple Cisco products are affected by critical vulnerabilities. The vulnerabilities could allow a remote attacker to execute arbitrary code on the affected device.
Cisco Unified CCX, Cisco Secure ASA, Cisco Secure FTD, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software are affected by critical vulnerabilities tracked as CVE-2025-20354, CVE-2025-20358, CVE-2025-20333, and CVE-2025-20363, with CVSS base scores ranging from 9.0 to 9.9. These vulnerabilities result from improper authentication mechanisms associated with specific Cisco Unified CCX features and from improper validation of user-supplied input in HTTP(S) requests. Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, leading to denial of service (DoS) conditions, and to upload arbitrary files, bypass authentication, execute arbitrary commands, and elevate privileges to root.
Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.
Cisco has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.