CVE-2025-20271

Name of the Vulnerable Software and Affected Versions Cisco Meraki MX Firmware (affected versions not specified) Cisco Meraki Z Series Teleworker Gateway devices (affected versions not specified)

Description A vulnerability in the Cisco AnyConnect VPN server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This issue is due to variable initialization errors when an SSL VPN session is established. An attacker could exploit this by sending crafted HTTPS requests to an affected device, potentially causing the Cisco AnyConnect VPN server to restart and preventing new SSL VPN connections.

Recommendations For Cisco Meraki MX Firmware, update to a version that includes the fix for this issue. For Cisco Meraki Z Series Teleworker Gateway devices, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Cisco AnyConnect VPN service to minimize the risk of exploitation.