Vulnerabilities Patched in Cisco and Atlassian Products

Atlassian and Cisco have both released important updates to fix serious security issues in their products. These issues could allow hackers to take control of systems remotely without authorization.

Atlassian issued seven updates to address four serious vulnerabilities in its Bamboo, Confluence, and Jira products. Some of these issues have been known for almost six years. One of them, tracked as CVE-2024-57699, affected third-party dependencies and could be exploited to cause a denial-of-service (DoS) condition. Fixes for it were applied to Bamboo Data Center and Server, Jira Data Center and Server, and Jira Service Management Data Center and Server.

The updates for Jira and Jira Service Management also tackled an XXE (XML External Entity Injection) vulnerability tracked as CVE-2021-33813, which could also result in a DoS condition.

For Confluence, two vulnerabilities were patched. One is an issue in the Netty application framework, tracked as CVE-2025-24970, and the other is an XXE vulnerability in the libjackson-json-java library, tracked as CVE-2019-10172. Atlassian assured users that none of these vulnerabilities have been reported as exploited in the wild.

Cisco, on the other hand, addressed three security issues across different products. On Wednesday, it released patches for Webex App, Secure Network Analytics, and Nexus Dashboard.

A critical flaw in the Webex App, tracked as CVE-2025-20236, could be exploited by convincing a user to click a malicious meeting link, leading to the execution of unauthorized code.

Updates for Secure Network Analytics (versions 7.5.0, 7.5.1, and 7.5.2) fixed a medium-severity issue that allowed authenticated users to obtain root shell access, which means full control over the system.

In Nexus Dashboard, a medium-severity bug was fixed that allowed remote attackers to determine valid usernames of LDAP user accounts without needing to log in.

Cisco has also stated that there have been no reports of these vulnerabilities being exploited in actual attacks. For more detailed information, users can check out Cisco’s security advisories page.