Cybersecurity Alert – Numerous Critical Cisco Vulnerabilities
Impact: All Firms
FINRA member firms should be aware that Cisco recently published numerous Security Advisories associated with different Common Vulnerabilities and Exposures (CVEs), several of them listed as critical.
This Cybersecurity Alert includes a link to the Cisco Security Advisories website describing the numerous published vulnerabilities along with guidance to address each. FINRA recommends member firms follow Cisco’s guidance within each Security Advisory as needed and communicate with their vendors to determine if they were impacted by any of the vulnerabilities.
Note: FINRA separately contacted member firms that indicated through FINRA’s Third-Party Vendor Questionnaire they use Cisco products.
Summary
Between Sept. 24 and 25, 2025, Cisco published numerous Security Advisories regarding different vulnerabilities, classified as critical, high and medium, that could allow threat actors to compromise a firm’s systems.
Recommendations to Protect Your Firm
To protect against these vulnerabilities, FINRA recommends member firms review the Security Advisories to determine if the firm uses any of these products, and if so, follow Cisco’s guidance within each Security Advisory to address issues within their environment. FINRA also recommends that all firms—regardless of whether they use Cisco products—communicate with their vendors to determine if they were impacted by any of the vulnerabilities and if their firm may have been impacted as a result.
FINRA encourages member firms that identify data breaches or attempted data breaches to contact their Risk Monitoring Analyst and report them to:
- FINRA using the Regulatory Tip Form found on FINRA.org;
- the SEC using the Tips, Complaints, and Referrals form or by calling (202) 551-4790; and
- the FBI using its Internet Crime Complaint Center or by calling 1-800-CALLFBI (1-800-225-5324).
Additionally, both the FBI and the Cybersecurity & Infrastructure Security Agency (CISA) urge organizations to promptly report cyber incidents to CISA via CISA’s 24/7 Operations Center ([email protected] or 888-282-0870).
Questions related to this Alert or other cybersecurity-related topics can be emailed to the FINRA Cyber and Analytics Unit (CAU).
Note: This Alert does not create new legal or regulatory requirements or new interpretations of existing requirements, nor does it relieve firms of any existing obligations under federal securities laws, regulations, and FINRA rules. Member firms may consider the information in this Alert in developing new, or modifying existing, policies and procedures that are reasonably designed to achieve compliance with relevant regulatory obligations based on the member firm’s size and business model. Moreover, some information may not be relevant due to certain firms’ business models, sizes, or practices.
