Critical Vulnerabilities Identified in Cisco Meraki and Enterprise Chat

Cisco has issued a warning regarding severe security vulnerabilities found in the VPN services of its Meraki devices and in its Enterprise Chat and Email platforms. System administrators are urged to implement the latest updates promptly to mitigate potential risks.

The vulnerabilities affect the Anyconnect VPN software utilized in Cisco's Meraki MX and Z series devices. According to Cisco's security advisory, attackers with valid VPN credentials could exploit these weaknesses to initiate a Denial-of-Service (DoS) attack on the Anyconnect VPN service. This issue arises from an uninitialized variable during the establishment of an SSL VPN session, allowing attackers to pass manipulated attributes that could lead to service disruption, impacting other VPN sessions as well (CVE-2025-20212, CVSS 7.7, high risk).

Cisco has identified various devices that are vulnerable and has provided firmware updates to resolve these issues. The recommended versions for firmware updates are 18.107.12 (for 18.1 branch), 18.211.4 (for 18.2 firmware), and 19.1.4, as earlier versions prior to 16.2 are not affected. Users of 16.2 and 17.x versions should migrate to the corrected firmware branches to ensure security.

In addition to the vulnerabilities in Meraki, Cisco's Enterprise Chat and Email (ECE) platform is also at risk. Unauthenticated attackers can exploit this system to generate a Denial-of-Service condition due to inadequate validation of user-provided data at chat entry points. By sending crafted requests, these malicious actors can incapacitate the chat service, which requires manual intervention from administrators to restart (CVE-2025-20139, CVSS 7.5, high risk).

Cisco has made ECE 12.6 ES 10 available as a software update to address this vulnerability. Users operating on version 12.5 or earlier are advised to upgrade to this latest version to safeguard their systems.

Furthermore, Cisco has updated its security advisory regarding critical vulnerabilities found in its Smart Licensing Utility, detailing observed cyberattacks that have leveraged these weaknesses in the wild.