CVE-2025-20212

CWE-457 | 4 documents | 4 sources
Severity
7.7 HIGH
EPSS
0.4%
top 39.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 2

Description

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device. This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerabil

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.1 | Impact: 4.0

Affected Packages: 1 package

CVEListV5 | cisco/cisco_meraki_mx_firmware | 14 versions (+13)

🔴 Vulnerability Details (2)

CVEList
CVE-2025-20212: A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker (2025-04-02)
GHSA
GHSA-mf93-68c7-8cg2: A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker (2025-04-02)

📋 Vendor Advisories (1)

Cisco
Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service Vulnerability (2025-04-02)