Affected Vendors
- Cisco: 12 CVEs (1 critical, 2 high, 9 medium)
- Linksys: 10 CVEs (0 critical, 0 high, 10 medium)
- Netgear: 1 CVE (0 critical, 1 high, 0 medium)
This week brought 23 new router and networking device vulnerabilities, headlined by a critical flaw in Cisco's cloud-based Identity Services Engine. Cisco dominates the advisory count with 12 CVEs across multiple product lines, while Linksys disclosed a batch of medium-severity issues affecting its popular range extender models.
Critical Priority: Cisco ISE Cloud Deployments
CVE-2025-20286 (CVSS 9.9) is the week's most severe issue and demands immediate attention. This critical vulnerability affects Cisco Identity Services Engine (ISE) deployments running on AWS, Microsoft Azure, and Oracle Cloud Infrastructure. The flaw allows unauthenticated, remote attackers to exploit the platform—a significant risk for organizations managing cloud-based identity and access control. If you run Cisco ISE in any cloud environment, check for available patches immediately and prioritize deployment.
High-Severity SSH Implementation Flaws
Two additional high-severity vulnerabilities target SSH implementations in Cisco infrastructure products:
- CVE-2025-20261 (CVSS 8.8) affects the SSH connection handling in Cisco Integrated Management Controller (IMC) for UCS B-Series, C-Series, S-Series, and X-Series Servers. An authenticated attacker could exploit this for further lateral movement.
- CVE-2025-20163 (CVSS 8.7) impacts Cisco Nexus Dashboard Fabric Controller (NDFC), allowing unauthenticated attackers to impersonate NDFC-managed devices—a direct threat to fabric integrity and device management security.
Both SSH issues warrant prompt firmware updates to affected UCS and Nexus environments.
Cisco Enterprise Products (Medium Severity)
Cisco's remaining 9 medium-severity CVEs span multiple product families. CVE-2025-20273 (CVSS 6.1) allows unauthenticated access to web management interfaces in Unified Intelligent Contact Management Enterprise, while CVE-2025-20278 (CVSS 6.0) enables authenticated local command execution in Unified Communications products. Organizations running these contact center and communications platforms should apply updates during their next maintenance window.
Linksys Range Extender Batch Issues
Linksys disclosed 10 medium-severity vulnerabilities affecting its RE-series WiFi range extenders (RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000) across firmware versions 1.0.013.001 through 1.2.07.001. The affected CVEs are CVE-2025-5440, CVE-2025-5441, CVE-2025-5442, CVE-2025-5443, CVE-2025-5444, CVE-2025-5445, CVE-2025-5446, CVE-2025-5447, and two others—all scoring CVSS 6.3. While the full impact descriptions are limited, the synchronized release suggests a common vulnerability pattern. Check Linksys security advisories for available firmware updates and test in a non-critical segment before broad deployment.
Netgear Legacy Device Risk
CVE-2025-5495 (CVSS 7.3) affects the Netgear WNR614 (firmware 1.1.0.28_1.0.1WW), a legacy small-office/home-office router. The vulnerability involves improper URL handler input validation. If your organization still manages WNR614 units, verify whether Netgear has released patches or consider replacement planning for end-of-life devices.
Recommendations
- Prioritize Cisco ISE cloud environment patching immediately (CVE-2025-20286)
- Schedule updates for Cisco UCS/IMC and NDFC deployments this week (CVE-2025-20261, CVE-2025-20163)
- Monitor Linksys security portal for RE-series firmware releases and test updates in labs before production
- Review WNR614 usage and plan replacement or isolation strategies for unsupported legacy devices