Severity
High
Analysis Summary
CVE-2025-20271 CVSS:8.6
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device.
CVE-2025-20234 CVSS:5.3
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
CVE-2025-20260 CVSS:9.8
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.
Impact
- Denial of Service
- Buffer Overflow
- Code Execution
Indicators of Compromise
CVE
CVE-2025-20271
CVE-2025-20234
CVE-2025-20260
Affected Vendors
- Cisco
Affected Products
- Cisco Meraki MX Firmware MX64
- Cisco Meraki MX Firmware MX64W
- Cisco Meraki MX Firmware MX65
- Cisco Meraki MX Firmware MX65W
- Cisco Meraki MX Firmware MX67C
- Cisco Meraki MX Firmware MX67
- Cisco Meraki MX Firmware MX67W
- Cisco Meraki MX Firmware MX68
- Cisco Meraki MX Firmware MX68CW
- Cisco Meraki MX Firmware MX68W
- Cisco Meraki MX Firmware MX75
- Cisco Meraki MX Firmware MX84
- Cisco Meraki MX Firmware MX85
- Cisco Meraki MX Firmware MX95
- Cisco Meraki MX Firmware MX100
- Cisco Meraki MX Firmware MX105
- Cisco Meraki MX Firmware MX250
- Cisco Meraki MX Firmware MX400
- Cisco Meraki MX Firmware MX450
- Cisco Meraki MX Firmware MX600
- Cisco Meraki MX Firmware vMX
- Cisco Meraki Z Series Teleworker Gateway Z3
- Cisco Meraki Z Series Teleworker Gateway Z3C
- Cisco Meraki Z Series Teleworker Gateway Z4
- Cisco Meraki Z Series Teleworker Gateway Z4C
- Cisco Secure Endpoint Connector for Linux 1.26.1
- Cisco Secure Endpoint Connector for Mac 1.26.1
- Cisco Secure Endpoint Connector for Windows 7.5.21
- Cisco Secure Endpoint Connector for Windows 8.4.5
- Cisco Secure Endpoint Private Cloud 4.2.2
- Cisco ClamAV 1.4.3
- Cisco ClamAV 1.0.9
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.