Cisco has addressed two significant denial-of-service (DoS) vulnerabilities affecting its Meraki devices and Enterprise Chat and Email (ECE) products. These flaws, which could disrupt the functionality of the devices and applications, were fixed in recent updates.
The first vulnerability, identified as CVE-2025-20212, impacts the Meraki MX and Meraki Z series devices. It affects the AnyConnect VPN server, where an uninitialized variable in the SSL VPN session process could lead to a server restart. An attacker with valid VPN credentials could exploit it by sending specially crafted attributes during the SSL VPN session, causing the server to restart and forcing users to reconnect.
Cisco warns that repeated exploitation of this flaw could result in new SSL VPN connections being blocked, potentially causing service interruptions for remote users. However, once the attack ceases, the server automatically recovers. Users of Meraki MX devices running firmware versions 18.107.12, 18.211.4, and 19.1.4 are advised to apply the patches. Older firmware versions, including 16.2 and 17, should also be updated to the latest releases, though these earlier versions are not affected.
The second DoS vulnerability, tracked as CVE-2025-20139, affects Cisco’s Enterprise Chat and Email (ECE) messaging platform. This issue, which arises from improper validation of user-supplied input, allows attackers to remotely send malicious requests to the chat application, causing it to become unresponsive. Unlike the Meraki flaw, this vulnerability can be exploited without requiring authentication.
Cisco highlights that instances where the chat feature is enabled and has an entry point configured are at risk. In these cases, administrators may need to manually restart the services to restore functionality. The fix for this vulnerability is included in Cisco ECE version 12.6 ES 10. Users on earlier versions are urged to upgrade to the patched release.
Alongside these high-severity flaws, Cisco has also rolled out patches for two medium-severity vulnerabilities in its Evolved Programmable Network Manager (EPNM) and Prime Infrastructure platforms. These issues, related to improperly validated user input, could lead to remote, unauthenticated cross-site scripting (XSS) attacks via the web-based management interface.
Although Cisco has not received any reports of these vulnerabilities being exploited in the wild, the company urges users to apply the security patches promptly.
Finally, Cisco updated its advisory for two critical vulnerabilities in its Smart Licensing Utility. These flaws, which were patched in September 2024, were exploited in real-world attacks starting in March 2025. The vulnerabilities, CVE-2024-20439 and CVE-2024-20440, could allow attackers to gain administrative privileges and access sensitive log files.
Cisco recommends that all users apply the patches as soon as possible to avoid potential security breaches.