Denial of Service Vulnerability in Cisco AnyConnect on Meraki Devices
CVE-2025-20212

7.7 HIGH

Key Information:

Vendor: Cisco
CVE Published: 2 April 2025

Badges

👾 Exploit Exists

Summary

A vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Z Series devices allows an authenticated remote attacker to trigger a denial of service (DoS) condition. The vulnerability is rooted in an uninitialized variable during SSL VPN session establishment. An attacker with valid VPN credentials can exploit this flaw by sending specially crafted attributes, causing the AnyConnect VPN server to restart. This interruption leads to the failure of existing SSL VPN sessions, necessitating reauthentication for remote users. A sustained attack could prevent new connections entirely, though the server will recover automatically once the attack ceases.

Affected Version(s)

Cisco Meraki MX Firmware 16.2

Cisco Meraki MX Firmware 16.3

Cisco Meraki MX Firmware 16.4

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved