Affected Vendors This Week
- Cisco: 13 CVEs (1 high, 12 medium)
- Netgear: 3 CVEs (1 critical, 2 medium)
- Linksys: 2 CVEs (2 medium)
- TP-Link: 1 CVE (1 unscored)
- Lantronix: 1 CVE (1 medium)
Critical Priority
This week brings one critical-severity vulnerability requiring immediate attention: CVE-2025-4978 (CVSS 9.8) affects Netgear DGND3700 routers running firmware 1.1.00.15_1.00.15NA. The vulnerability exists in the Basic Authentication component via the /BRS_top.html file and poses a significant risk to affected devices. Netgear users should check for available firmware updates immediately and apply patches as soon as they become available.
High-Severity Vulnerabilities
Two high-severity issues warrant rapid remediation planning:
- CVE-2025-20152 (CVSS 8.6) — Cisco Identity Services Engine (ISE) is vulnerable to a denial of service attack via malformed RADIUS messages. An unauthenticated attacker can trigger this remotely, making it a concern for organizations running ISE in production environments.
- CVE-2025-20113 (CVSS 7.1) — Cisco Unified Intelligence Center allows authenticated attackers to escalate privileges to Administrator for limited functions. Organizations should verify user access controls and apply patches promptly.
Cisco: Broad Medium-Severity Coverage
Cisco accounts for 13 vulnerabilities this week, primarily medium severity. Beyond the high-severity issues noted above, the vendor faces multiple medium-severity exposures:
- CVE-2025-20256 and CVE-2025-20257 (both CVSS 6.5) affect Cisco Secure Network Analytics Manager and Virtual Manager, allowing authenticated attackers to manipulate data through web and API interfaces.
- CVE-2025-20242 (CVSS 6.5) impacts the Cloud Connect component of Cisco Unified Contact Center Enterprise, enabling unauthenticated attackers to read and modify device data.
- CVE-2025-20246, CVE-2025-20247, and CVE-2025-20250 (all CVSS 6.1) are cross-site scripting (XSS) flaws in Cisco Webex affecting unauthenticated users.
Organizations running Cisco products should prioritize ISE and UIC patching first, then schedule updates for Network Analytics and Webex platforms.
Linksys Gateway Issues
CVE-2025-4999 and CVE-2025-5000 (both CVSS 6.3) affect Linksys FGW3000-AH and FGW3000-HK gateways up to firmware 1.0.17.000000. Both vulnerabilities involve the /cgi-bin/sysconf.cgi script and could allow attackers to manipulate system configuration. Users should update to firmware beyond 1.0.17.000000 if available.
Lantronix and TP-Link
CVE-2025-4338 (CVSS 6.8) exposes Lantronix Device Installer to XXE (XML External Entity) attacks through crafted network device configuration files, potentially exposing credentials. Update the installer immediately.
CVE-2025-40634, while unscored, is a stack-based buffer overflow in TP-Link Archer AX50 routers affecting the 'conn-indicator' binary running as root. This poses significant risk and should be treated as high priority pending official severity assignment.