
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances.

The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out of 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management.

“This vulnerability exists because proper authorization is not enforced upon REST API users,” the company said in a Wednesday advisory. “An attacker could exploit this vulnerability by sending API requests to a specific endpoint.”

“A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.”


The networking equipment major credited Ben Leonard-Lagarde of Modux for reporting the security shortcoming. It impacts the following versions of the product irrespective of device configuration –

  • Cisco Meeting Management release version 3.9 (Patched in 3.9.1)
  • Cisco Meeting Management release versions 3.8 and earlier (Migrate to a fixed release)
  • Cisco Meeting Management release version 3.10 (Not vulnerable)

Cisco has also released patches to remediate a denial-of-service (DoS) flaw affecting BroadWorks that stems from improper memory handling for certain Session Initiation Protocol (SIP) requests (CVE-2025-20165, CVSS score: 7.5). The issue has been fixed in version RI.2024.11.

“An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system,” it said.

“A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.”

A third vulnerability patched by Cisco is CVE-2025-20128 (CVSS score: 5.3), an integer underflow bug impacting the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV that could also result in a DoS condition.

The company, which acknowledged Google OSS-Fuzz for reporting the flaw, said it is aware of the existence of proof-of-concept (PoC) exploit code, although there is no evidence it has been maliciously exploited in the wild.


CISA and FBI Detail Ivanti Exploit Chains

News of the Cisco flaws comes as the U.S. government’s cybersecurity and law enforcement agencies released technical details of two exploit chains weaponized by nation-state hacking crews to break into Ivanti’s cloud service applications in September 2024.

The vulnerabilities in question are as follows –

The attack sequences, per the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI), involved the abuse of CVE-2024-8963 in conjunction with CVE-2024-8190 and CVE-2024-9380 in one case, and CVE-2024-8963 and CVE-2024-9379 in the other.


It is worth noting that the first exploit chain was disclosed by Fortinet FortiGuard Labs in October 2024. In at least one instance, the threat actors are believed to have conducted lateral movement after gaining an initial foothold.

The second exploit chain has been found to leverage CVE-2024-8963 in combination with CVE-2024-9379 to obtain access to the target network, followed by unsuccessful attempts to implant web shells for persistence.


“Threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant web shells on victim networks,” the agencies said. “Credentials and sensitive data stored within the affected Ivanti appliances should be considered compromised.”
