Cisco Security Advisory: IOSXE RCE/Auth Bypass, ASA RCE, and Multiple Critical Vulnerabilities

Critical Vulnerability Information Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software: - CVE-2025-20333: Remote Code Execution Vulnerability (Critical) - CVE-2025-20363: Remote Code Execution Vulnerability (Critical) - CVE-2025-20362: Unauthorized Access Vulnerability (Medium) Cisco Unified Contact Center Express: - CVE-2025-20354, CVE-2025-20358: Remote Code Execution Vulnerabilities (Critical) Cisco Identity Services Engine: - CVE-2025-20343: RADIUS Suppression Denial of Service Vulnerability (High) - CVE-2025-20289, CVE-2025-20324: Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities (Medium) Cisco Contact Center Products: - Multiple Vulnerabilities (Medium) Cisco BroadWorks CommPilot Application Software: - CVE-2025-20307: Cross-Site Scripting Vulnerability (Medium) Cisco Desk Phone, IP Phone, Video Phone: - CVE-2025-20350, CVE-2025-20351: Software Vulnerabilities (High) Cisco IOSXE Software: - CVE-2025-20313, CVE-2025-20314: Secure Boot Bypass Vulnerabilities (High) - CVE-2025-20352: SNMP Denial of Service and Remote Code Execution Vulnerability (High) - CVE-2025-20160: TACACS+ Authentication Bypass Vulnerability (High) Other Medium-Risk Vulnerabilities Cisco Snort 3 MIME Denial of Service Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability Cisco Cyber Vision Center Stored Cross-Site Scripting Vulnerabilities Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability Cisco IOSXE Software for Catalyst 9000 Series Switches Denial of Service Vulnerability Cisco Access Point Software Intermittent IPv6 Gateway Change Vulnerability Cisco IOSXE Software Web Authentication Reflected Cross-Site Scripting Vulnerability Cisco IOSXE Software Simple Network Management Protocol Denial of Service Vulnerability Latest Update Time Most critical and high-risk vulnerabilities were updated on November 6, 2025, with some updated on November 5, 2025, and October 15, 2025.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco Security Advisory: IOSXE RCE/Auth Bypass, ASA RCE, and Multiple Critical Vulnerabilities