Cisco warns of denial of service flaw with PoC exploit code www.bleepingcomputer.com/news/secu…
Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability for which proof-of-concept (PoC) exploit code is available.
Tracked as CVE-2025-20128, the vulnerability is caused by a heap-based buffer overflow weakness in the Object Linking and Embedding 2 (OLE2) decryption routine, allowing unauthenticated, remote attackers to trigger a DoS condition on vulnerable devices.
Today, the company also patched a Cisco BroadWorks DoS security flaw (CVE-2025-20165) and a critical-severity privilege escalation vulnerability (CVE-2025-20156) in the Cisco Meeting Management REST API that lets hackers gain admin privileges on unpatched devices.