Atlassian and Cisco have issued critical security patches this week addressing multiple high-severity vulnerabilities across their product suites. Atlassian resolved four such issues in Bamboo, Confluence, and Jira, primarily tied to outdated third-party dependencies, some dating back six years. Notable fixes include a DoS vulnerability in Netplex Json-smart (CVE-2024-57699) and XXE vulnerabilities in both Jira (CVE-2021-33813) and Confluence (CVE-2019-10172), as well as a DoS flaw in Netty (CVE-2025-24970). Meanwhile, Cisco patched three flaws affecting Webex App, Secure Network Analytics, and Nexus Dashboard. The most severe, CVE-2025-20236, enables remote code execution in Webex via a malicious meeting link. Other issues involve privilege escalation and information disclosure. Neither company reported exploitation of these flaws in the wild.

‍