Cisco Unified Communications Products Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Communications%20Products%20Command%20Injection%20Vulnerability%26vs_k=1
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.
This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy
Security Impact Rating: Medium
CVE: CVE-2025-20278
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Wireless%20Controller%20Software%20Arbitrary%20File%20Upload%20Vulnerability%26vs_k=1
A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.
This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279).
Security Impact Rating: Critical
CVE: CVE-2025-20188
Talking quantum computing and emerging technologies with Ramana Kompella
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m06/talking-quantum-computing-and-emerging-technologies-with-ramana-kompella.html?source=rss
Cisco is focusing on quantum networking as a next-generation technology, with innovations that aim to unify classical and quantum internet infrastructures.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169&vs_f=Cisco%20Event%20Responses%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Event%20Response:%20September%202024%20Semiannual%20Cisco%20IOS%20and%20IOS%20XE%20Software%20Security%20Advisory%20Bundled%20Publication%26vs_k=1
Splunk + Cisco ThousandEyes: new integration for end-to-end digital resilience
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m06/splunk-cisco-thousandeyes-new-integration-for-end-to-end-digital-resilience.html?source=rss
Unlock AI's potential with Splunk Observability & Cisco ThousandEyes integrations, bridging silos across apps, infrastructure, and networks.
Cisco Powers Secure Infrastructure for the AI Era
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m06/cisco-powers-secure-infrastructure-for-the-ai-era.html?source=rss
Cisco (NASDAQ: CSCO) today unveiled new innovations to help companies adapt and transform in the AI era.
Reinventing infrastructure for the next wave of AI at Cisco Live
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m06/reinventing-infrastructure-for-the-next-wave-of-ai-at-cisco-live.html?source=rss
Cisco introduces groundbreaking AI innovations, emphasizing secure, scalable infrastructure to power the AI era and reimagine networking, data, and security.
Cisco Powers AI-Ready Data Centers, From Hyperscale to Enterprise
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m06/cisco-powers-ai-ready-data-centers-from-hyperscale-to-enterprise.html?source=rss
Today Cisco (NASDAQ: CSCO) unveiled groundbreaking innovations to simplify, secure, and future-proof data centers, empowering organizations to scale
Announcing Cisco AI Canvas. Revolutionizing IT with AgenticOps
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m06/announcing-cisco-ai-canvas-revolutionizing-it-with-agenticops.html?source=rss