Affected Vendors
- Cisco: 4 CVEs
- Palo Alto Networks: 2 CVEs
- TP-Link: 1 CVE
- Fortinet: 1 CVE
This week brought eight new router and network appliance vulnerabilities, with two high-severity issues that warrant immediate attention. Cisco continues to dominate the weekly count with four CVEs across IOS XR platforms, while TP-Link and Fortinet each reported notable security gaps.
High-Severity Vulnerabilities
CVE-2025-20340 (CVSS 7.4) represents the most concerning Cisco issue this week. A flaw in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software allows an unauthenticated, adjacent attacker to trigger a broadcast storm, resulting in denial of service. This vulnerability is particularly dangerous in shared network segments where an attacker only needs network proximity—no authentication required. Organizations running Cisco IOS XR should prioritize patch deployment.
CVE-2025-29089 (CVSS 7.5) affects TP-Link AX10 AX1500 devices running firmware version 1.3.10 Build 20230130. This vulnerability allows remote attackers to obtain sensitive information, making it a serious concern for home office and small business deployments. TP-Link users should check firmware availability and update immediately if a patch has been released.
Medium-Severity Issues
Cisco reported three additional vulnerabilities in IOS XR. CVE-2025-20248 (CVSS 6.0) involves image signature verification bypass during installation—an authenticated local attacker can load unsigned software. CVE-2025-20159 (CVSS 5.3) allows unauthenticated remote attackers to bypass management ACLs on the Secure Shell (SSH) interface, potentially exposing administrative access.
CVE-2024-45325 (CVSS 6.7) affects Fortinet FortiDDoS-F versions 7.0.0 through 7.0.2 and prior 6.6.3 releases. This OS command injection vulnerability could allow attackers to execute arbitrary commands on affected systems. Organizations running vulnerable FortiDDoS-F versions should upgrade to patched releases immediately.
Lower-Priority Issues
Three CVEs were published without assigned severity ratings but carry notable CVSS scores. CVE-2025-7350 (CVSS 8.6) affects Cisco Stratix industrial switches, enabling remote code execution through malicious configuration uploads. Palo Alto Networks reported two credential exposure issues: CVE-2025-4235 (CVSS 7.2) in the User-ID Credential Agent and CVE-2025-4234 (CVSS 2.4) in Cortex XDR's Microsoft 365 Defender Pack.
Recommended Actions
- Cisco users: Check for patches for CVE-2025-20340, CVE-2025-20248, and CVE-2025-20159 immediately
- TP-Link AX10 users: Verify firmware version and apply updates if available
- Fortinet customers: Upgrade FortiDDoS-F to patched versions to remediate command injection
- All organizations: Review network segmentation to limit adjacent attacker access vectors