Main Vulnerability Database Vulnerabilities #VU106921

#VU106921 Use of Uninitialized Variable in Cisco Systems, Inc products - CVE-2025-20212

Published: April 3, 2025

Vulnerability identifier: #VU106921

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-20212

CWE-ID: CWE-457

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Meraki MX
Meraki MX64
Meraki MX64W
Meraki MX65
Meraki MX65W
Meraki MX67
Meraki MX67C
Meraki MX67W
Meraki MX68
Meraki MX68CW
Meraki MX68W
Meraki MX75
Meraki MX84
Meraki MX85
Meraki MX95
Meraki MX100
Meraki MX105
Meraki MX250
Meraki MX400
Meraki MX450
Meraki MX600
Meraki vMX
Meraki Z3
Meraki Z3C
Meraki Z4
Meraki Z4C

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uninitialized variable in the Cisco AnyConnect VPN server when an SSL VPN session is established. A remote user can cause a denial of service condition on the target system.

Remediation

Install updates from vendor's website.

External links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb

#VU106921 Use of Uninitialized Variable in Cisco Systems, Inc products - CVE-2025-20212

Description

Remediation

External links

Please verify you're human