
High-Severity Vulnerabilities Patched by Cisco, Atlassian

Cisco has resolved a high-severity vulnerability in Meraki MX and Meraki Z devices. Atlassian pushed patches for multiple third-party dependencies. The post High-Severity Vulnerabilities Patched by Cisco, Atlassian appeared first on SecurityWeek.

Cisco and Atlassian on Wednesday announced the rollout of patches for multiple high-severity vulnerabilities in their products, many leading to denial-of-service (DoS) conditions.

Cisco released firmware updates for Meraki devices to resolve a high-severity flaw allowing attackers to cause the AnyConnect VPN server on these products to restart, leading to a DoS condition. Tracked as CVE-2025-20271 (CVSS score of 8.6), the bug can be exploited remotely.

“This vulnerability is due to variable initialization errors when an SSL VPN session is established. […] A sustained attack could prevent new SSL VPN connections from being established, effectively making the Cisco AnyConnect VPN service unavailable for all legitimate users,” Cisco explains.

The security defect impacts roughly two dozen Meraki MX and Meraki Z devices and was resolved in Meraki MX firmware versions 18.107.13, 18.211.6, and 19.1.8.

The company also rolled out fixes for a DoS bug in the Universal Disk Format (UDF) processing of ClamAV. Tracked as CVE-2025-20234, it can be exploited by submitting crafted files containing UDF content to ClamAV, the company notes.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild, but users are advised to apply the available patches as soon as possible.

Atlassian announced patches for five vulnerabilities in third-party dependencies in Bamboo, Bitbucket, Confluence, Crowd, and Jira.

These include CVE-2025-22228 (an improper authorization issue in Spring), CVE-2025-24970 (a DoS flaw in the Netty framework), CVE-2024-38816 (a path traversal related to the WebMvc.fn and WebFlux.fn web frameworks), CVE-2024-57699 (a DoS bug in Netplex Json-smart), and CVE-2025-31650 (a DoS bug in Apache Tomcat).

To resolve these issues, Atlassian released software updates for Bamboo Data Center and Server, Bitbucket Data Center and Server, Confluence Data Center and Server, Crowd Data Center and Server, Jira Data Center and Server, and Jira Service Management Data Center and Server.

Users are advised to update their instances as soon as possible, even though Atlassian makes no mention of any of these security defects being exploited.
