

Multiple Oracle Products Vulnerabilities
January 23, 2025
GitLab Urges Immediate Update to Address High-Risk Vulnerabilities
January 23, 2025
Severity
High
Analysis Summary
CVE-2025-20128 CVSS:5.3
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
CVE-2025-20156 CVSS:9.9
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device.
CVE-2025-20165 CVSS:7.5
A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition.
Impact
- Denial of Service
- Buffer Overflow
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-20128
CVE-2025-20156
CVE-2025-20165
Affected Vendors
Affected Products
- Cisco Secure Endpoint Connector for Windows
- Cisco Secure Endpoint Private Cloud
- Cisco ClamAV - 1.0.0
- Cisco Secure Endpoint Connector for Linux
- Cisco Secure Endpoint Connector for Mac
- Cisco Meeting Management - CMM 3.4.0
- Cisco Meeting Management - CMM 3.2.0
- Cisco Meeting Management - CMM 2.9.1
- Cisco Meeting Management - CMM 2.9.0
- Cisco Meeting Management - CMM 3.1.0
- Cisco Meeting Management - CMM 3.5.0
- Cisco Meeting Management - CMM 3.6.0
- Cisco Meeting Management - CMM 3.6.1
- Cisco Meeting Management - CMM 3.7.0
- Cisco Meeting Management - CMM 3.8.0
- Cisco Meeting Management - CMM 3.9.0
- Cisco BroadWorks Network Servers
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.