
Cisco has released security advisories addressing vulnerabilities in its Enterprise Chat and Email (ECE) product and in its Meraki MX and Z Series devices. Both vulnerabilities allow an attacker to cause a denial-of-service (DoS) condition; neither is described as allowing code execution or data access.
Cisco Enterprise Chat and Email Vulnerability (CVE-2025-20139)
A vulnerability in the chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition. The vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit it by sending malicious requests to a messaging chat entry point in the affected application, potentially causing the application to stop responding. Because no credentials are required, any party that can reach a configured chat entry point can attempt this.
According to the advisory, “The application may not recover on its own and may need an administrator to manually restart services to recover.”
Affected Products and Mitigation
The vulnerability affects Cisco ECE if the chat feature is enabled and an entry point has been configured. The advisory clarifies that “Cisco ECE is not affected in its default configuration.”
Cisco has released software updates to address this vulnerability. Administrators can determine whether they are exposed by connecting to the System Console and checking whether any entry points are configured under Chat & Messaging; if none are configured, the deployment is in the unaffected default configuration.
Cisco Meraki MX and Z Series Devices Vulnerability (CVE-2025-20212)
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition in the Cisco AnyConnect service on an affected device.
The advisory emphasizes that “To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device.”
This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this by supplying crafted attributes while establishing an SSL VPN session, which could cause the Cisco AnyConnect VPN server to restart. A successful exploit could lead to the failure of established SSL VPN sessions and force remote users to initiate a new VPN connection and reauthenticate. “A sustained attack could prevent new SSL VPN connections from being established,” the advisory warns.
The advisory also notes that “When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention.”
Affected Products and Mitigation
The vulnerability affects Cisco Meraki MX and Z Series devices running vulnerable firmware with Cisco AnyConnect VPN enabled; devices on which AnyConnect VPN is disabled are not exposed.
To determine whether Cisco AnyConnect VPN is enabled, administrators can log in to the Meraki Dashboard and check the Client VPN settings.
Cisco has also released software updates to address this vulnerability. Users should consult the advisory for the specific fixed releases for their firmware version. Since exploitation requires valid VPN credentials, a sustained attack is attributable to a specific user account, which makes it worthwhile to watch VPN logs for one account repeatedly establishing sessions around AnyConnect server restarts.
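Both advisories describe the same operational pattern: a flood of crafted requests from one source (unauthenticated requests to an ECE chat entry point, or session setups from a single credentialed VPN user on Meraki) that degrades or restarts a service. The following detection logic, added here as an illustration and not taken from Cisco or from either advisory, flags a source that bursts past a threshold within a sliding window and, for the Meraki case, correlates AnyConnect server restarts with the users who were setting up sessions just before each restart. The log line formats, field names, hostnames, IP addresses and usernames are constructed for this example; real Cisco ECE and Meraki logs use different formats and the regular expressions would need adapting.

```python
"""Sliding-window burst detection over constructed ECE and Meraki AnyConnect log lines.

Added example; the log formats below are assumptions, not Cisco's real formats.
"""
import re
from collections import Counter, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Set


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str   # "request" (ECE chat entry point), "session" (VPN setup) or "restart"
    key: str    # source IP for ECE, VPN username for Meraki, "" for restarts


# Constructed log formats (assumptions for this example).
ECE_RE = re.compile(
    r"^(?P<ts>\S+) ece chat entry_point=\S+ src=(?P<src>\S+) status=\d+$"
)
VPN_RE = re.compile(
    r"^(?P<ts>\S+) meraki anyconnect (?P<kind>session_start|server_restart)"
    r"(?: user=(?P<user>\S+))?$"
)

# Constructed sample logs. 203.0.113.7 hammers one ECE chat entry point; the
# VPN user "mallory" repeatedly sets up sessions and the server restarts twice,
# forcing "alice" (a legitimate user) to reconnect afterwards.
ECE_LOG = """\
2025-03-05T10:00:00 ece chat entry_point=1001 src=203.0.113.7 status=200
2025-03-05T10:00:01 ece chat entry_point=1001 src=198.51.100.9 status=200
2025-03-05T10:00:01 ece chat entry_point=1001 src=203.0.113.7 status=200
2025-03-05T10:00:02 ece chat entry_point=1001 src=203.0.113.7 status=200
2025-03-05T10:00:02 ece chat entry_point=1001 src=203.0.113.7 status=500
2025-03-05T10:00:03 ece chat entry_point=1001 src=203.0.113.7 status=500
"""
VPN_LOG = """\
2025-03-05T11:00:00 meraki anyconnect session_start user=alice
2025-03-05T11:00:05 meraki anyconnect session_start user=mallory
2025-03-05T11:00:06 meraki anyconnect session_start user=mallory
2025-03-05T11:00:07 meraki anyconnect session_start user=mallory
2025-03-05T11:00:08 meraki anyconnect server_restart
2025-03-05T11:00:20 meraki anyconnect session_start user=mallory
2025-03-05T11:00:21 meraki anyconnect session_start user=mallory
2025-03-05T11:00:22 meraki anyconnect server_restart
2025-03-05T11:00:30 meraki anyconnect session_start user=alice
"""


def parse_line(line: str) -> Optional[Event]:
    """Parse one line in either assumed format; return None for anything else."""
    m = ECE_RE.match(line)
    if m:
        return Event(datetime.fromisoformat(m["ts"]), "request", m["src"])
    m = VPN_RE.match(line)
    if m:
        if m["kind"] == "server_restart":
            return Event(datetime.fromisoformat(m["ts"]), "restart", "")
        return Event(datetime.fromisoformat(m["ts"]), "session", m["user"])
    return None


def parse_log(text: str) -> List[Event]:
    """Parse all recognised lines and return them ordered by timestamp."""
    events = (parse_line(line) for line in text.splitlines() if line.strip())
    return sorted((e for e in events if e is not None), key=lambda e: e.ts)


def burst_keys(events: List[Event], window: timedelta, threshold: int) -> Set[str]:
    """Keys (IP or user) with at least `threshold` request/session events inside any `window`."""
    recent: Dict[str, Deque[datetime]] = {}
    flagged: Set[str] = set()
    for e in events:
        if e.kind == "restart":
            continue
        q = recent.setdefault(e.key, deque())
        q.append(e.ts)
        while e.ts - q[0] > window:      # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(e.key)
    return flagged


def restart_suspects(events: List[Event], lookback: timedelta) -> Counter:
    """Count, per user, how many server restarts followed one of their session setups within `lookback`."""
    suspects: Counter = Counter()
    sessions = [e for e in events if e.kind == "session"]
    for r in (e for e in events if e.kind == "restart"):
        active = {s.key for s in sessions if timedelta(0) <= r.ts - s.ts <= lookback}
        suspects.update(active)
    return suspects


if __name__ == "__main__":
    print("ECE bursting sources:", burst_keys(parse_log(ECE_LOG), timedelta(seconds=10), 5))
    vpn = parse_log(VPN_LOG)
    print("VPN bursting users:", burst_keys(vpn, timedelta(seconds=60), 5))
    print("Users active just before restarts:", restart_suspects(vpn, timedelta(seconds=5)))
```

The thresholds and windows are starting points, not tuned values: a legitimate user who is forced to reconnect after each restart (as alice is here) generates a few sessions spread over time, whereas a sustained attack from one account produces a tight cluster of setups immediately preceding each restart, which is what `restart_suspects` counts.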