Cisco, Atlassian release high-severity flaw fixes

Updates have been issued by Cisco and Atlassian to address various high-severity security issues impacting their respective offerings, SecurityWeek reports.

Among the flaws fixed by Cisco was a denial-of-service flaw affecting numerous Meraki MX and Meraki Z devices, tracked as CVE-2025-20271, which stems from variable initialization errors when an SSL VPN session is established. "A sustained attack could prevent new SSL VPN connections from being established, effectively making the Cisco AnyConnect VPN service unavailable for all legitimate users," said Cisco, which also patched another DoS defect in ClamAV's Universal Disk Format processing, tracked as CVE-2025-20234.

Atlassian, meanwhile, released fixes for five vulnerabilities in third-party dependencies of Confluence, Bamboo, Bitbucket, Crowd, and Jira. Aside from patching the improper authorization issue in Spring, tracked as CVE-2025-22228, and a path traversal involving the WebMvc.fn and WebFlux.fn frameworks, tracked as CVE-2024-38816, Atlassian also remediated a trio of DoS bugs in Netty, Netplex Json-smart, and Apache Tomcat, tracked as CVE-2025-24970, CVE-2024-57699, and CVE-2025-31650, respectively. There has been no evidence suggesting active exploitation of any of the fixed flaws.