Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)


Cisco has released updates to address multiple critical vulnerabilities in its products, including CVE-2025-20156 (CVSS 9.9), a privilege escalation flaw in Cisco Meeting Management that allows remote attackers to gain administrator privileges by exploiting improper authorization in the REST API. Affected versions are 3.9 (patched in 3.9.1) and earlier; version 3.10 is not vulnerable. Other patched flaws include CVE-2025-20165 (CVSS 7.5), a denial-of-service (DoS) vulnerability in BroadWorks SIP traffic handling, and CVE-2025-20128 (CVSS 5.3), an integer underflow bug in ClamAV's OLE2 decryption routine. Additionally, U.S. agencies detailed exploit chains leveraging Ivanti vulnerabilities (CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380) for remote code execution (RCE), credential theft, and lateral movement in targeted networks.
