Cyber999 Advisories

1.0 Introduction
Recently, Cisco has released security updates to address multiple critical and high-severity vulnerabilities impacting a broad range of its products, including Cisco IOS XE, IOS XR, Wireless Controllers, SD-WAN Manager, Catalyst switches, and security appliances.

2.0 Impact
These vulnerabilities could allow an attacker to unauthenticated remote code execution (RCE), arbitrary file uploads, privilege escalation, denial-of-service (DoS) and unauthenticated RCE in Erlang/OTP SSH Server.

3.0 Affected Products

Critical Vulnerabilities

• CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Server
• CVE-2025-20188: Arbitrary File Upload in Cisco IOS XE Wireless Controller Software

High Severity Vulnerabilities

• CVE-2025-20140: Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability
• CVE-2025-20186: Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability
• CVE-2025-20154: Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability
• CVE-2025-20191: Multiple Cisco Products Switch Integrated Security Features DHCPv6 Denial of Service Vulnerability
• CVE-2025-20122: Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
• CVE-2025-20182: Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability
• CVE-2025-20197: Cisco IOS XE Software Privilege Escalation Vulnerability
• CVE-2025-20198: Cisco IOS XE Software Privilege Escalation Vulnerability • CVE-2025-20192: Cisco IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability
• CVE-2025-20162: Cisco IOS XE Software DHCP Snooping Denial of Service Vulnerability
• CVE-2025-20164: Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability
• CVE-2025-20202: Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability
• CVE-2025-20210: Cisco Catalyst Center Unauthenticated API Access Vulnerability
• CVE-2025-20181: Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability
• CVE-2025-20189: Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability

4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the following advisories and apply the necessary updates:

Kindly, please refer to the URL below:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact us through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 -17:30 MYT 
Web: https://www.mycert.org.my 

5.0 References

• https://sec.cloudapps.cisco.com/security/center/publicationListing.x
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ