

North Korea-Linked Konni APT Group – Active IOCs
April 3, 2025
Multiple IBM Products Vulnerabilities
April 3, 2025
Severity
High
Analysis Summary
CVE-2025-20212 CVSS:7.7
A vulnerability exists in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The flaw arises because a specific variable is not initialized during SSL VPN session establishment, and an attacker with valid VPN user credentials can potentially trigger it. When exploited, the vulnerability can cause the Cisco AnyConnect VPN server to restart, which interrupts existing SSL VPN sessions and forces remote users to reconnect and reauthenticate. The attack could prevent new SSL VPN connections from being established, though the VPN server will automatically recover once the attack traffic stops.
CVE-2025-20203 CVSS:4.8
Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure are vulnerable to cross-site scripting, caused by insufficient input validation by the web-based management interface. A remote authenticated attacker could conduct a cross-site scripting (XSS) attack against a user of the interface.
CVE-2025-20139 CVSS:7.5
Cisco Enterprise Chat and Email (ECE) is vulnerable to a denial of service, caused by improper validation of user-supplied input to chat entry points. By sending specially crafted requests to a messaging chat entry point, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2025-20120 CVSS:6.1
Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure are vulnerable to cross-site scripting, caused by insufficient input validation by the web-based management interface. A remote attacker could conduct a cross-site scripting (XSS) attack against a user of the interface.
Impact
- Denial of Service
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-20212
CVE-2025-20203
CVE-2025-20139
CVE-2025-20120
Affected Vendors
- Cisco
Affected Products
- Cisco Prime Infrastructure
- Cisco Enterprise Chat and Email
- Cisco Meraki MX Firmware: 16.2, 16.3, 16.4, 16.5, 16.6, 17.3, 17.6, 17.7, 17.8, 17.9, 17.10, 18.1, 18.2, 19.1
- Cisco Evolved Programmable Network Manager (EPNM)
Remediation
Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.