Summary: Cisco has issued a security advisory regarding a critical vulnerability (CVE-2025-20206) in the Cisco Secure Client for Windows that could allow local authenticated attackers to execute arbitrary code with SYSTEM privileges. The advisory highlights the need for immediate software updates to version 5.1.8.105 or later to mitigate potential exploitation, as there are no available workarounds. Although Cisco is not aware of any active exploitation, timely updates are essential to protect against this vulnerability.
Affected: Cisco Secure Client for Windows
Keypoints :
- Vulnerability CVE-2025-20206 has a CVSS score of 7.1.
- Exploitation requires valid user credentials on the Windows system.
- Cisco recommends upgrading to version 5.1.8.105 or later immediately.
- No workarounds are currently available for this vulnerability.
- Cisco PSIRT reports no known malicious use as of the advisory’s release.