<ul><li>Cisco has released security updates to address command injection and denial-of-service (DoS) vulnerabilities in Nexus switches.</li><li>The high-severity vulnerability (CVE-2025-20111) affects the health monitoring diagnostics of Cisco Nexus 3000 and 9000 Series Switches, allowing an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a DoS condition.</li><li>Another flaw (CVE-2025-20161) addressed by Cisco is a command injection issue that impacts the software upgrade process of Nexus 3000 and 9000 Series Switches.</li><li>The Cisco Product Security Incident Response Team (PSIRT) has not reported any known attacks exploiting these vulnerabilities.</li></ul>

Cisco fixed command injection and DoS flaws in Nexus switches

Discover more