TL;DR 📌

Multiple Cisco products are affected by vulnerabilities in the Snort 3 MIME Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or restart, leading to a denial of service. Cisco has released software updates to address these vulnerabilities, but no workarounds are available.

What happened 🕵️‍♂️

Cisco has identified vulnerabilities in the HTTP Multipurpose Internet Mail Extensions (MIME) Decoder within Snort 3, which could be exploited by an unauthenticated remote attacker. These vulnerabilities may lead to the disclosure of sensitive information or cause the Snort 3 Detection Engine to restart unexpectedly, resulting in a denial of service (DoS) condition.

TL;DR 📌

Cisco Cyber Vision Center has multiple stored cross-site scripting (XSS) vulnerabilities that could allow authenticated remote attackers to execute arbitrary scripts. The highest CVSS score for these vulnerabilities is 5.4, categorized as Medium severity. There are no workarounds available, and users are advised to upgrade to fixed software releases.

What happened 🕵️‍♂️

Multiple vulnerabilities have been identified in the web-based management interface of Cisco Cyber Vision Center. These vulnerabilities arise from insufficient validation of user-supplied input, enabling authenticated attackers to conduct XSS attacks. Successful exploitation could allow attackers to execute arbitrary scripts or access sensitive browser-based information. Specifically, exploitation of CVE-2025-20356 requires administrative access to the Sensor Explorer page, while CVE-2025-20357 requires access to the Reports page.