Cisco
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Cisco product.
RSS Feeds for Cisco security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Cisco products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Cisco Sorted by Most Security Vulnerabilities since 2018
Cisco Internetwork Operating System (IOS)175 vulnerabilities
Cisco Internetwork Operating System (IOS) is a family of network operating systems used on many Cisco Systems routers and current Cisco network switches.
Recent Cisco Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-01-07 | Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities | January 7, 2026 |
| 2026-01-07 | Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability | January 7, 2026 |
| 2025-12-17 | Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager | December 17, 2025 |
| 2025-12-04 | Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025 | December 4, 2025 |
| 2025-11-13 | Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability | November 13, 2025 |
| 2025-11-13 | Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability | November 13, 2025 |
| 2025-11-13 | Cisco Catalyst Center Privilege Escalation Vulnerability | November 13, 2025 |
| 2025-11-13 | Cisco Catalyst Center REST API Command Injection Vulnerability | November 13, 2025 |
| 2025-11-13 | Cisco Catalyst Center Cross-Site Scripting Vulnerability | November 13, 2025 |
| 2025-11-05 | Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities | November 5, 2025 |
Known Exploited Cisco Vulnerabilities
The following Cisco vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Cisco Multiple Products Improper Input Validation Vulnerability |
Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. CVE-2025-20393 Exploit Probability: 7.3% |
December 17, 2025 |
| Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability |
Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. CVE-2025-20352 Exploit Probability: 2.1% |
September 29, 2025 |
| Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buf |
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362. CVE-2025-20333 Exploit Probability: 8.7% |
September 25, 2025 |
| Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Mis |
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333. CVE-2025-20362 Exploit Probability: 42.2% |
September 25, 2025 |
| Cisco Identity Services Engine Injection Vulnerability |
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device. CVE-2025-20281 Exploit Probability: 26.7% |
July 28, 2025 |
| Cisco Identity Services Engine Injection Vulnerability |
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device. CVE-2025-20337 Exploit Probability: 0.6% |
July 28, 2025 |
| Cisco Smart Licensing Utility Static Credential Vulnerability |
Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials. CVE-2024-20439 Exploit Probability: 84.9% |
March 31, 2025 |
| Cisco Small Business RV Series Routers Command Injection Vulnerability |
Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data. CVE-2023-20118 Exploit Probability: 3.4% |
March 3, 2025 |
| Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability |
Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. CVE-2014-2120 Exploit Probability: 69.0% |
November 12, 2024 |
| Cisco ASA and FTD Denial-of-Service Vulnerability |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service. CVE-2024-20481 Exploit Probability: 11.1% |
October 24, 2024 |
| Cisco NX-OS Command Injection Vulnerability |
Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device. CVE-2024-20399 Exploit Probability: 0.8% |
July 2, 2024 |
| Cisco ASA and FTD Privilege Escalation Vulnerability |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root. CVE-2024-20359 Exploit Probability: 0.2% |
April 24, 2024 |
| Cisco ASA and FTD Denial of Service Vulnerability |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition. CVE-2024-20353 Exploit Probability: 19.5% |
April 24, 2024 |
| Cisco ASA and FTD Information Disclosure Vulnerability |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations. CVE-2020-3259 Exploit Probability: 69.7% |
February 15, 2024 |
| Cisco IOS XE Web UI Unspecified Vulnerability |
Cisco IOS XE contains an unspecified vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity. CVE-2023-20273 Exploit Probability: 92.5% |
October 23, 2023 |
| Cisco IOS XE Web UI Command Injection Vulnerability |
Cisco IOS XE contains a command injection vulnerability in the web user interface that could allow a remote, authenticated attacker to inject commands that can be executed as the root user. CVE-2021-1435 Exploit Probability: 0.4% |
October 19, 2023 |
| Cisco IOS XE Web UI Privilege Escalation Vulnerability |
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device. CVE-2023-20198 Exploit Probability: 94.1% |
October 16, 2023 |
| Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability |
Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash. CVE-2023-20109 Exploit Probability: 0.6% |
October 10, 2023 |
| Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability |
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user. CVE-2023-20269 Exploit Probability: 0.9% |
September 13, 2023 |
| Cisco IOS Denial-of-Service Vulnerability |
Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device. CVE-2004-1464 Exploit Probability: 1.7% |
May 19, 2023 |
Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Cisco vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Cisco Vulnerabilities
Based on the current exploit probability, these Cisco vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2020-3452 | 94.5% | Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive |
| 2 | CVE-2018-0296 | 94.4% | Cisco Adaptive Security Appliance Firepower Threat Defense Denial-of-Service/Directory Traversal vul |
| 3 | CVE-2021-1497 | 94.4% | Cisco HyperFlex HX Command Injection Vulnerabilities |
| 4 | CVE-2019-1653 | 94.4% | Cisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list) |
| 5 | CVE-2017-3881 | 94.3% | Cisco IOS and IOS XE Remote Code Execution Vulnerability |
| 6 | CVE-2023-20198 | 94.1% | Cisco IOS XE Web UI Privilege Escalation Vulnerability |
| 7 | CVE-2021-1498 | 94.0% | Cisco HyperFlex HX Command Injection Vulnerabilities |
| 8 | CVE-2018-0171 | 93.1% | Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability |
| 9 | CVE-2016-6415 | 93.0% | Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability |
| 10 | CVE-2019-1652 | 92.9% | Cisco Small Business Routers Improper Input Validation Vulnerability |
By the Year
In 2026 there have been 3 vulnerabilities in Cisco with an average score of 5.3 out of ten. Last year, in 2025 Cisco had 215 security vulnerabilities published. Right now, Cisco is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 1.43
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 5.33 |
| 2025 | 215 | 6.77 |
| 2024 | 366 | 6.74 |
| 2023 | 271 | 6.83 |
| 2022 | 323 | 6.91 |
| 2021 | 541 | 6.85 |
| 2020 | 337 | 6.87 |
| 2019 | 362 | 6.91 |
| 2018 | 365 | 7.22 |
It may take a day or so for new Cisco vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-20029 | Jan 07, 2026 |
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) couldA vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials. |
Identity Services Engine Software
|
| CVE-2026-20027 | Jan 07, 2026 |
Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requestsMultiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer out-of-bounds read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A successful exploit could allow the attacker to obtain sensitive information in the Snort 3 data stream. |
|
| CVE-2026-20026 | Jan 07, 2026 |
Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requestsMultiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer use-after-free read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A successful exploit could allow the attacker to unexpectedly restart the Snort 3 Detection Engine, which could cause a denial of service (DoS). |
|
| CVE-2025-20393 | Dec 17, 2025 |
Cisco Potential Vulnerability Investigation (CVE-2025-20393)Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available. |
|
| CVE-2025-55182 | Dec 03, 2025 |
RCFC 19.019.2 Remote Code Exec via Unsafe DeserializationA pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints. |
|
| CVE-2025-20346 | Nov 13, 2025 |
Cisco Catalyst Center RBAC Escalation via Read-Only CredentialsA vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. |
Dna Center
Catalyst Center
|
| CVE-2025-20355 | Nov 13, 2025 |
Cisco Catalyst Center VA XSS Redirection via Improper Input ValidationA vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. |
Dna Center
|
| CVE-2025-20353 | Nov 13, 2025 |
Cisco Catalyst Center Web UI XSS via Unvalidated InputA vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
Dna Center
|
| CVE-2025-20349 | Nov 13, 2025 |
Cisco Catalyst Center Auth Remote Command Injection via REST APIA vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. |
Dna Center
Catalyst Center
|
| CVE-2025-20341 | Nov 13, 2025 |
Cisco Catalyst Center Virtual Appliance PrivEsc via HTTP Input ValidationA vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. |
Dna Center
|
| CVE-2025-20304 | Nov 05, 2025 |
Cisco ISE Authenticated Reflected XSS via Management UIMultiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have at least a low-privileged account on the affected device. |
Identity Services Engine Software
|
| CVE-2025-20305 | Nov 05, 2025 |
Cisco ISE Authenticated Sensitive Info Disclosure via Web InterfaceA vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrator privileges could exploit this vulnerability by performing actions where the results should only be viewable to a high-privileged user. A successful exploit could allow the attacker to view passwords that are normally not visible to read-only administrators. |
Identity Services Engine Software
Identity Services Engine
|
| CVE-2025-20289 | Nov 05, 2025 |
Cisco ISE Web UI Reflected XSS via Insufficient Input ValidationMultiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have at least a low-privileged account on the affected device. |
Identity Services Engine Software
|
| CVE-2025-20303 | Nov 05, 2025 |
Cisco ISE XSS in Web UI Authenticated Reflected XSS VulnerabilityMultiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have at least a low-privileged account on the affected device. |
Identity Services Engine Software
|
| CVE-2025-20377 | Nov 05, 2025 |
CVE-2025-20377: Authenticated API Info Leak in Cisco UICA vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system. |
Packaged Contact Center Enterprise
Unified Contact Center Enterprise
Unified Contact Center Express
And others... |
| CVE-2025-20375 | Nov 05, 2025 |
Cisco CCX Web UI Auth File Upload/Execute (CVE-2025-20375)A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a crafted file to the web UI. A successful exploit could allow the attacker to upload arbitrary files to a vulnerable system and execute them, gaining access to the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials. |
Unified Contact Center Express
|
| CVE-2025-20376 | Nov 05, 2025 |
Auth RCE via file upload in Cisco Unified CCX Web UIA vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a malicious file to the web UI and executing it. A successful exploit could allow the attacker to execute arbitrary commands on the underlying system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid administrative credentials. |
Unified Contact Center Express
|
| CVE-2025-20374 | Nov 05, 2025 |
Cisco Unified CCX Web UI Directory Traversal (CVE-2025-20374)A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials. |
Unified Contact Center Express
|
| CVE-2025-20358 | Nov 05, 2025 |
Cisco CCX Editor Auth Bypass Unauth Admin Privileges via Script ExecutionA vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server. An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful. A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account. |
Unified Contact Center Express
|
| CVE-2025-20354 | Nov 05, 2025 |
Remote File Upload & RCE via RMI in Cisco Unified CCXA vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. |
Unified Contact Center Express
|
| CVE-2025-20343 | Nov 05, 2025 |
Cisco ISE Reboot via RADIUS Access Request DoSA vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts. |
Identity Services Engine Software
Identity Services Engine
|
| CVE-2025-20360 | Oct 15, 2025 |
Cisco Snort 3 HTTP Decoder DoS via Unchecked MIME Header ParsingMultiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are parsed. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts. |
Cyber Vision
|
| CVE-2025-20359 | Oct 15, 2025 |
Buffer Underread in Cisco Snort 3 HTTP Decoder Causes DoS & Info DisclosureMultiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer handling when the MIME fields of the HTTP header are parsed. This can result in a buffer under-read. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to induce one of two possible outcomes: the unexpected restarting of the Snort 3 Detection Engine, which could cause a denial of service (DoS) condition, or information disclosure of sensitive information in the Snort 3 data stream. Due to the under-read condition, it is possible that sensitive information that is not valid connection data could be returned. |
Cyber Vision
|
| CVE-2025-20351 | Oct 15, 2025 |
Cisco Desk/Video Phone XSS via Unauthenticated Web UIA vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default. |
Sip
|
| CVE-2025-20350 | Oct 15, 2025 |
Cisco Desk & IP Phones 7800/8800/9800 DoS via Web UI Buffer OverflowA vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default. |
Sip
|
| CVE-2025-20329 | Oct 15, 2025 |
Cisco CE & RoomOS Stored Credentials in SIP Logging (CVE-2025-20329)A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials. |
Roomos
|
| CVE-2025-20357 | Oct 01, 2025 |
XSS in Cisco Cyber Vision Center Web UI (CVE-2025-20357)A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials that allow access to the Reports page. By default, all pre-defined users have this access, as do any custom users that are configured to allow access to the Reports page. |
Cyber Vision
|
| CVE-2025-20361 | Oct 01, 2025 |
Cisco Unified CM XSS in Web UI via AuthInt InputA vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. |
Unified Communications Manager
|
| CVE-2025-20356 | Oct 01, 2025 |
Cisco Cyber Vision Center XSS via Sensor Explorer PageA vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials that allow access to the Sensor Explorer page. By default, Admin and Product user roles have this access, as do any custom users that are configued to allow access to the Sensors page. |
Cyber Vision
|
| CVE-2025-20363 | Sep 25, 2025 |
Cisco ASA/FTD Remote Code Execution via HTTP Input ValidationA vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information about this vulnerability, see the Details ["#details"] section of this advisory. |
Internetwork Operating System (IOS)
Adaptive Security Appliance
IOS XE
And others... |
| CVE-2025-20362 | Sep 25, 2025 |
Cisco ASA/FTD VPN Web Server Unauth Read of Restricted URLsUpdate: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software ["#fs"] section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication. |
Adaptive Security Appliance
Firepower Threat Defense Software
|
| CVE-2025-20333 | Sep 25, 2025 |
Remote Code Execution in Cisco ASA VPN Web Server (CVE-2025-20333)A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device. |
Adaptive Security Appliance
Firepower Threat Defense Software
|
| CVE-2025-20314 | Sep 24, 2025 |
Cisco IOS XE: Attacker Can Execute Persistent Code via Pkg Validation FlawA vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to improper validation of software packages. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this vulnerability allows an attacker to bypass a major security feature of a device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. |
IOS XE
|
| CVE-2025-20316 | Sep 24, 2025 |
Cisco Catalyst 9500X/9600X ACL bypass via MAC floodA vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL on an affected device. This vulnerability is due to the flooding of traffic from an unlearned MAC address on a switch virtual interface (SVI) that has an egress ACL applied. An attacker could exploit this vulnerability by causing the VLAN to flush its MAC address table. This condition can also occur if the MAC address table is full. A successful exploit could allow the attacker to bypass an egress ACL on an affected device. |
IOS XE
|
| CVE-2025-20293 | Sep 24, 2025 |
Unauthenticated Remote SCEP Abuse on Cisco Catalyst 9800-CL PKIA vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. This vulnerability is due to incomplete cleanup upon completion of the Day One setup process. An attacker could exploit this vulnerability by sending Simple Certificate Enrollment Protocol (SCEP) requests to an affected device. A successful exploit could allow the attacker to request a certificate from the virtual wireless controller and then use the acquired certificate to join an attacker-controlled device to the virtual wireless controller. |
IOS XE
|
| CVE-2025-20338 | Sep 24, 2025 |
Cisco IOS XE CLI Auth Priv Escalation to RootA vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. |
IOS XE
|
| CVE-2025-20240 | Sep 24, 2025 |
Cisco IOS XE Web UI Reflected XSS (CVE-2025-20240)A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute a reflected XSS attack and steal user cookies from the affected device. |
IOS XE
|
| CVE-2025-20149 | Sep 24, 2025 |
Cisco IOS/IOS XE CLI Buffer Overflow causes DoS via RebootA vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. |
Internetwork Operating System (IOS)
IOS XE
|
| CVE-2025-20313 | Sep 24, 2025 |
Cisco IOS XE Local Auth Bypass via Path Traversal & Image ValidationMultiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. ERP |
IOS XE
|
| CVE-2025-20311 | Sep 24, 2025 |
Cisco IOS XE Catalyst 9000 Ethernet Frame DoS via Crafted FramesA vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic. This vulnerability is due to improper handling of crafted Ethernet frames. An attacker could exploit this vulnerability by sending crafted Ethernet frames through an affected switch. A successful exploit could allow the attacker to cause the egress port to which the crafted frame is forwarded to start dropping all frames, resulting in a denial of service (DoS) condition. |
IOS XE
|
| CVE-2025-20327 | Sep 24, 2025 |
Cisco IOS Web UI DoS via crafted URLA vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. |
Internetwork Operating System (IOS)
|
| CVE-2025-20312 | Sep 24, 2025 |
Cisco IOS XE SNMP v1/2c/3 Denial-of-Service via SNMP RequestA vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system. |
IOS XE
|
| CVE-2025-20352 | Sep 24, 2025 |
Cisco IOS/IOS XE SNMP DoS via Stack OverflowA vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP. |
Internetwork Operating System (IOS)
IOS XE
|
| CVE-2025-20160 | Sep 24, 2025 |
Cisco IOS TACACS+ Shared Secret Missing Remote Data Exposure/Auth BypassA vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-middle attacker could exploit this vulnerability by intercepting and reading unencrypted TACACS+ messages or impersonating the TACACS+ server and falsely accepting arbitrary authentication requests. A successful exploit could allow the attacker to view sensitive information in a TACACS+ message or bypass authentication and gain access to the affected device. |
Internetwork Operating System (IOS)
IOS XE
|
| CVE-2025-20315 | Sep 24, 2025 |
Cisco IOS XE NBAR DoS via malformed CAPWAP packetsA vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition. This vulnerability is due to improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets. An attacker could exploit this vulnerability by sending malformed CAPWAP packets through an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. |
IOS XE
|
| CVE-2025-20334 | Sep 24, 2025 |
Remote Cmd Injection in Cisco IOS XE HTTP API with Root PrivilegesA vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call with crafted input. Alternatively, an unauthenticated attacker could persuade a legitimate user with administrative privileges who is currently logged in to the system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary commands as the root user. |
IOS XE
|
| CVE-2025-20339 | Sep 24, 2025 |
Cisco SD-WAN vEdge ACL Bypass Vulnerability (CVE-2025-20339)A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. |
Sd Wan
|
| CVE-2025-20365 | Sep 24, 2025 |
Cisco AP IPv6 RA Gateway Spoof VulnerabilityA vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected device. This vulnerability is due to a logic error in the processing of IPv6 RA packets that are received from wireless clients. An attacker could exploit this vulnerability by associating to a wireless network and sending a series of crafted IPv6 RA packets. A successful exploit could allow the attacker to temporarily change the IPv6 gateway of an affected device. This could also lead to intermittent packet loss for any wireless clients that are associated with the affected device. |
IOS XE
|
| CVE-2025-20364 | Sep 24, 2025 |
CVE202520364: Unauth Adjacent Attack on Cisco AP 802.11 Action Frame ProcessingA vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames with arbitrary information. This vulnerability is due to insufficient verification checks of incoming 802.11 action frames. An attacker could exploit this vulnerability by sending 802.11 Device Analytics action frames with arbitrary parameters. A successful exploit could allow the attacker to inject Device Analytics action frames with arbitrary information, which could modify the Device Analytics data of valid wireless clients that are connected to the same wireless controller. |
IOS XE
|
| CVE-2025-20248 | Sep 10, 2025 |
CVE-2025-20248: Auth Local Byp IOS XR Img Sig VerifA vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process. |
Ios Xr
|