TL;DR 📌

A privilege escalation vulnerability has been identified in Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager. This flaw allows authenticated attackers with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. Cisco has released software updates to address this issue, but no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager was discovered. This vulnerability stems from insufficient input validation in specific fields, allowing an authenticated attacker to send crafted input and execute arbitrary commands with root privileges on the underlying operating system.

TL;DR 📌

A command injection vulnerability has been identified in multiple Cisco Unified Communications products. This flaw allows an authenticated local attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has released software updates to address this issue, and there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the Command Line Interface (CLI) of several Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the affected device’s operating system as the root user. This vulnerability stems from improper validation of user-supplied command arguments. To exploit this vulnerability, the attacker must possess valid administrative credentials.

TL;DR 📌

A privilege escalation vulnerability has been identified in multiple Cisco Unified Communications and Contact Center Solutions products. An authenticated local attacker could exploit this vulnerability to gain root access on affected devices. Cisco has released software updates to address this issue, but there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in various Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate their privileges to root on an affected device. This vulnerability arises from excessive permissions assigned to system commands, enabling an attacker to execute crafted commands on the underlying operating system. To exploit this vulnerability, administrative access to the ESXi hypervisor is required.

TL;DR 📌

A medium-severity vulnerability has been identified in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE). This flaw could allow unauthenticated, remote attackers to read and modify data on affected devices. Cisco has released software updates to address this issue, but there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) has been discovered. This issue arises from insufficient access controls, enabling unauthenticated remote attackers to send crafted TCP data to a specific port on affected devices. If successfully exploited, attackers could read or modify data on these devices.

TL;DR 📌

Multiple privilege escalation vulnerabilities have been identified in Cisco Unified Intelligence Center, allowing authenticated remote attackers to elevate their privileges. Cisco has released software updates to address these vulnerabilities, and there are no workarounds available.

What happened 🕵️‍♂️

Cisco has disclosed vulnerabilities in the Cisco Unified Intelligence Center that could allow authenticated remote attackers to perform privilege escalation attacks. These vulnerabilities arise from insufficient validation of user-supplied parameters in API or HTTP requests, potentially enabling attackers to access or modify data beyond their intended access level.

TL;DR 📌

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise. This could allow an unauthenticated attacker to execute arbitrary script code. No workarounds are available, and software updates are forthcoming.

What happened 🕵️‍♂️

Cisco has disclosed a vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise. This vulnerability arises from insufficient user input validation, enabling an attacker to potentially execute arbitrary script code within the context of the affected interface. The attacker would need to persuade a user to click on a crafted link to exploit this vulnerability.

TL;DR 📌

A medium-severity HTTP cache poisoning vulnerability has been identified in Cisco Webex Meetings Services. No user action is required as Cisco has addressed the issue in the cloud-based service.

What happened 🕵️‍♂️

A vulnerability in the client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses. This issue arises from improper handling of malicious HTTP requests, potentially leading to incorrect HTTP responses being returned to clients. Fortunately, Cisco has already resolved this vulnerability, and no customer action is necessary to update on-premises software or devices.

TL;DR 📌

Cisco has identified multiple cross-site scripting (XSS) vulnerabilities in Cisco Webex Services that could allow an unauthenticated remote attacker to exploit users. The vulnerabilities have been addressed, and no user action is required for updates.

What happened 🕵️‍♂️

Multiple vulnerabilities in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. These vulnerabilities arise from improper filtering of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user to follow a malicious link, which could lead to a successful XSS attack against the targeted user.

TL;DR 📌

• Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade…
• No fixed release listed yet; apply mitigations and monitor.
• Workarounds are documented in the advisory.
• CVEs: CVE-2025-20259.

What happened 🕵️‍♂️

Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device.

TL;DR 📌

• A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef…
• No fixed release listed yet; apply mitigations and monitor.
• Workarounds are documented in the advisory.
• CVEs: CVE-2025-20275.

What happened 🕵️‍♂️

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.