Cisco has released a security advisory addressing a vulnerability in the Cisco Secure Client for Windows. The vulnerability, identified as CVE-2025-20206 and assigned a CVSS score of 7.1, could allow an authenticated, local attacker to execute arbitrary code with SYSTEM privileges.
This vulnerability exists in the interprocess communication (IPC) channel of the Cisco Secure Client when the Secure Firewall Posture Engine (formerly HostScan) is installed. It occurs due to “insufficient validation of resources that are loaded by the application at run time.”
An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. Successful exploitation would grant the attacker the ability to execute arbitrary code on the affected machine with the highest level of system privileges.
However, it is important to note that to exploit this vulnerability, the attacker must have valid user credentials on the Windows system.
Cisco has released software updates to address this vulnerability. Users of affected versions are advised to upgrade to the latest fixed release, 5.1.8.105 or later, as soon as possible. Currently, there are no workarounds available to mitigate this vulnerability.
Cisco PSIRT is not aware of any public announcements or malicious use of this vulnerability at the time of the advisory. However, it is crucial for users to update their Cisco Secure Client software promptly to prevent potential exploitation.
Related Posts:
- Cisco releases patch to fix three high security bugs
- Hackers use Cisco Router flaws to attack Iran, 3,500 routers hacked
- Cisco releases the security updates to fix flaws in multiple Cisco products
- Cisco Smart Install Protocol was misused, tens of thousands of critical infrastructure may be attacked
- Cisco: 95% of all data centre traffic by 2021 will come from cloud
