TL;DR 📌

A cross-site scripting (XSS) vulnerability has been identified in the Cisco BroadWorks CommPilot Application Software, which could allow an authenticated attacker to execute arbitrary scripts. The highest CVSS score is 4.8, categorized as Medium severity. No workarounds are available, and users are advised to upgrade to fixed software versions.

What happened 🕵️‍♂️

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software has been discovered. This flaw allows an authenticated remote attacker to conduct cross-site scripting (XSS) attacks by injecting malicious code into specific pages of the interface. Successful exploitation could enable the attacker to execute arbitrary script code or access sensitive browser-based information. To exploit this vulnerability, the attacker must possess valid administrative credentials.

TL;DR 📌

A medium-severity information disclosure vulnerability has been identified in Cisco TelePresence Collaboration Endpoint and RoomOS Software. An authenticated attacker could exploit this vulnerability to view sensitive information in clear text. Cisco has released fixed software, and there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software allows an authenticated, remote attacker to view sensitive information in clear text on affected systems. This issue arises when SIP media component logging is enabled, which can lead to the exposure of unencrypted credentials stored in audit logs. An attacker with valid administrative credentials could exploit this vulnerability to access confidential information, potentially including personally identifiable information (PII).

TL;DR 📌

Cisco has identified multiple vulnerabilities in the Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 that could allow unauthenticated remote attackers to cause denial of service (DoS) conditions or conduct cross-site scripting (XSS) attacks. The highest CVSS score is 7.5, indicating a high severity risk. Software updates are available to address these vulnerabilities, and there are no workarounds.

TL;DR 📌

A stored cross-site scripting (XSS) vulnerability has been identified in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). This vulnerability allows an authenticated remote attacker to execute arbitrary script code, potentially accessing sensitive information. Cisco has released fixed software updates, but no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated attacker to conduct a cross-site scripting (XSS) attack. This occurs because the interface fails to properly validate user input, enabling the injection of malicious code. Successful exploitation could lead to the execution of arbitrary scripts in the context of the affected interface, compromising sensitive, browser-based information.

TL;DR 📌

Cisco Cyber Vision Center has multiple stored cross-site scripting (XSS) vulnerabilities that could allow authenticated remote attackers to execute arbitrary scripts. The highest CVSS score for these vulnerabilities is 5.4, categorized as Medium severity. There are no workarounds available, and users are advised to upgrade to fixed software releases.

What happened 🕵️‍♂️

Multiple vulnerabilities have been identified in the web-based management interface of Cisco Cyber Vision Center. These vulnerabilities arise from insufficient validation of user-supplied input, enabling authenticated attackers to conduct XSS attacks. Successful exploitation could allow attackers to execute arbitrary scripts or access sensitive browser-based information. Specifically, exploitation of CVE-2025-20356 requires administrative access to the Sensor Explorer page, while CVE-2025-20357 requires access to the Reports page.

TL;DR 📌

A medium-severity vulnerability has been identified in Cisco Wireless Access Point Software related to Device Analytics action frame processing. An unauthenticated adjacent attacker could exploit this vulnerability to inject arbitrary information into wireless 802.11 action frames. Cisco has released fixed software, but no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point Software allows an unauthenticated, adjacent attacker to inject wireless 802.11 action frames with arbitrary information. This issue arises from insufficient verification checks of incoming 802.11 action frames. Successful exploitation could modify the Device Analytics data of valid wireless clients connected to the same wireless controller.

TL;DR 📌

A medium-severity vulnerability has been identified in Cisco Access Point Software that could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on affected devices. There are no workarounds available, and users are advised to upgrade to fixed software releases.

What happened 🕵️‍♂️

A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to change the IPv6 gateway on affected devices. This vulnerability arises from a logic error in processing IPv6 RA packets received from wireless clients. An attacker could exploit this by associating with a wireless network and sending crafted IPv6 RA packets, potentially leading to intermittent packet loss for associated wireless clients.

TL;DR 📌

A vulnerability in Cisco SD-WAN vEdge Software could allow unauthenticated remote attackers to bypass access control lists (ACLs) on affected devices. This vulnerability has a medium severity rating (CVSS 5.8). Cisco has released fixed software and workarounds are available.

What happened 🕵️‍♂️

A vulnerability has been identified in the access control list (ACL) processing of IPv4 packets within Cisco SD-WAN vEdge Software. This flaw allows an unauthenticated remote attacker to bypass configured ACLs due to improper enforcement of the implicit deny rule at the end of an ACL. By exploiting this vulnerability, attackers can send unauthorized traffic to an affected device’s interface, potentially compromising network security.

TL;DR 📌

A denial of service (DoS) vulnerability has been identified in the ARP implementation of Cisco IOS XR Software. An unauthenticated, adjacent attacker can exploit this vulnerability by sending excessive ARP traffic to the management interface, potentially leading to degraded performance or complete unresponsiveness of the device. Cisco has released software updates to address this issue, but no workarounds are available.

TL;DR 📌

A medium severity vulnerability has been identified in Cisco IOS XR Software that allows an authenticated local attacker to bypass image signature verification, potentially leading to the installation of unsigned software. No workarounds are available, and users are advised to update to fixed software versions.

What happened 🕵️‍♂️

A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker with root-system privileges to bypass the software image signature verification. This flaw arises from incomplete validation of files during the installation of an .iso file. An attacker could exploit this by modifying the .iso image and installing it on the device, leading to the activation of unsigned software.