Cisco informed customers on Wednesday that it has patched command injection and denial-of-service (DoS) vulnerabilities in some of its Nexus switches.
One of the vulnerabilities, tracked as CVE-2025-20111, has been described as a high-severity issue related to the incorrect handling of some Ethernet frames. The issue impacts the health monitoring diagnostics component of Nexus 3000 and 9000 series switches — in the case of 9000 series products, they are affected only in standalone NX-OS mode.
The vulnerability can allow an unauthenticated attacker who has access to the targeted device to cause a DoS condition.
“An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload,” Cisco said in its advisory.
A different advisory describes a medium-severity command injection vulnerability affecting Nexus 3000 and 9000 series switches. Exploitation can be carried out by a local attacker with admin credentials.
“An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges,” Cisco said.
A third advisory published by Cisco on Wednesday describes four medium-severity flaws in the networking giant’s Application Policy Infrastructure Controller (APIC).
The security holes can be exploited for XSS attacks, DoS attacks, arbitrary command execution, and to access sensitive information, but the attacker needs to have administrator credentials. The company has credited members of the NATO Cyber Security Centre for reporting these flaws.
Cisco is not aware of any of these vulnerabilities being exploited in attacks. However, it’s not uncommon for threat actors to exploit Cisco product vulnerabilities in their attacks.
CISA’s Known Exploited Vulnerabilities (KEV) catalog currently includes roughly 70 Cisco vulnerabilities that have been leveraged by threat actors in their attacks over the past decade.
Related: Cisco Says Ransomware Group’s Leak Related to Old Hack
Related: Cisco Patches Critical Vulnerabilities in Enterprise Security Product
Related: Cisco Patches Critical Vulnerability in Meeting Management
Related: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
