Cisco has patched a serious remote code execution vulnerability (CVE-2026-20045) in its Unified Communications and Webex Calling products, which has been actively exploited in attacks. The flaw allows attackers to gain elevated access on affected systems through crafted HTTP requests. Users are urged to update their software as there are no effective workarounds.

Cisco has addressed a critical vulnerability in its IOS XE Software for Wireless LAN Controllers, identified as CVE-2025-20188, which allows unauthenticated attackers to hijack devices due to a hard-coded JSON Web Token. Although the flaw is potent, it is only exploitable if the 'Out-of-Band AP Image Download' feature is enabled, which is not the default setting. Administrators are urged to apply security updates immediately to mitigate the risk.

A critical vulnerability, identified as CVE-2025-20265, has been discovered in Cisco's Secure Firewall Management Center, which allows for remote code execution with a CVSS score of 10. Organizations using this software are urged to apply the necessary patches immediately to mitigate potential security threats.

Cisco has announced a critical vulnerability, tracked as CVE-2025-20337, in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allows unauthenticated remote attackers to gain root access through arbitrary code execution. The vulnerability has a maximum CVSS score of 10, and Cisco has released patches to address it along with related vulnerabilities disclosed in June. Customers are urged to upgrade to the latest software versions to mitigate the risk.

Cisco has issued security updates for a critical zero-day vulnerability (CVE-2025-20352) in its IOS and IOS XE Software, which is actively being exploited. The flaw allows remote attackers to execute code on vulnerable systems or cause denial-of-service conditions, prompting Cisco to recommend immediate upgrades to secure software versions.