Request a Demo
Rewterz
APT29 Bypasses Gmail 2FA Using App Passwords – Active IOCs
June 19, 2025
Rewterz
STRRAT Malware – Active IOCs
June 19, 2025

Multiple Cisco Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-20271 CVSS:8.6

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device.

CVE-2025-20234 CVSS:5.3

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

CVE-2025-20260 CVSS:9.8

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.

Impact

  • Denial of Service
  • Buffer Overflow
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2025-20271

  • CVE-2025-20234

  • CVE-2025-20260

Affected Vendors

  • Cisco

Affected Products

  • Cisco Meraki MX Firmware MX64
  • Cisco Meraki MX Firmware MX64W
  • Cisco Meraki MX Firmware MX65
  • Cisco Meraki MX Firmware MX65W
  • Cisco Meraki MX Firmware MX67C
  • Cisco Meraki MX Firmware MX67
  • Cisco Meraki MX Firmware MX67W
  • Cisco Meraki MX Firmware MX68
  • Cisco Meraki MX Firmware MX68CW
  • Cisco Meraki MX Firmware MX68W
  • Cisco Meraki MX Firmware MX75
  • Cisco Meraki MX Firmware MX84
  • Cisco Meraki MX Firmware MX85
  • Cisco Meraki MX Firmware MX95
  • Cisco Meraki MX Firmware MX100
  • Cisco Meraki MX Firmware MX105
  • Cisco Meraki MX Firmware MX250
  • Cisco Meraki MX Firmware MX400
  • Cisco Meraki MX Firmware MX450
  • Cisco Meraki MX Firmware MX600
  • Cisco Meraki MX Firmware vMX
  • Cisco Meraki Z Series Teleworker Gateway Z3
  • Cisco Meraki Z Series Teleworker Gateway Z3C
  • Cisco Meraki Z Series Teleworker Gateway Z4
  • Cisco Meraki Z Series Teleworker Gateway Z4C
  • Cisco Secure Endpoint Connector for Linux 1.26.1
  • Cisco Secure Endpoint Connector for Mac 1.26.1
  • Cisco Secure Endpoint Connector for Windows 7.5.21
  • Cisco Secure Endpoint Connector for Windows 8.4.5
  • Cisco Secure Endpoint Private Cloud 4.2.2
  • Cisco ClamAV 1.4.3
  • Cisco ClamAV 1.0.9

Remediation

Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-20271

CVE-2025-20234

CVE-2025-20260