Atlassian and Cisco this week announced patches for multiple high-severity vulnerabilities in their products, including flaws leading to remote code execution.
Atlassian released seven updates that address four high-severity flaws impacting third-party dependencies in Bamboo, Confluence, and Jira, including some that were publicly disclosed nearly six years ago.
A denial-of-service (DoS) issue in Netplex Json-smart that could be exploited without authentication was resolved with fixes for Bamboo Data Center and Server, Jira Data Center and Server, and Jira Service Management Data Center and Server. The security defect is tracked as CVE-2024-57699.
The security updates for Jira and Jira Service Management also resolve an XXE (XML External Entity Injection) bug leading to a DoS condition, tracked as CVE-2021-33813.
Confluence Data Center and Server received patches for two vulnerabilities, including a DoS flaw in the Netty application framework (tracked as CVE-2025-24970), and an XXE bug in the libjackson-json-java library (CVE-2019-10172).
Atlassian makes no mention of any of these vulnerabilities being exploited in the wild against its products.
On Wednesday, Cisco rolled out patches for three security defects in Webex App, Secure Network Analytics, and Nexus Dashboard.
Webex App received fixes for a high-severity flaw, tracked as CVE-2025-20236, that allows attackers to execute arbitrary code remotely by convincing a user to click on a crafted meeting invite link and download arbitrary files.
Updates released for Secure Network Analytics versions 7.5.0, 7.5.1, and 7.5.2 resolve a medium-severity issue that could allow authenticated attackers to obtain shell access with root privileges.
In Nexus Dashboard, the tech giant resolved a medium-severity bug that could allow unauthenticated, remote attackers to determine usernames that are valid LDAP user accounts.
Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s security advisories page.
Related: Oracle Patches 180 Vulnerabilities With April 2025 CPU
Related: SonicWall Patches High-Severity Vulnerability in NetExtender
Related: Juniper Networks Patches Dozens of Junos Vulnerabilities
Related: Fortinet Patches Critical FortiSwitch Vulnerability