Cisco Releases Security Advisory for Webex App

CVE-2025-20236 could allow an attacker to achieve remote code execution

Threat ID:: CC-4644
Threat Severity:: Medium
Published:: 17 April 2025 11:57 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

CVE-2025-20236 could allow an attacker to achieve remote code execution

Affected platforms

The following platforms are known to be affected:

Cisco Webex App

This vulnerability affects Cisco Webex App, regardless of system configuration or operating system.

Versions:

44.6 to 44.6.2.30588
44.7

Threat details

Introduction

Cisco has released a security advisory to address a high severity vulnerability affecting Webex App, regardless of configuration or operating system. Cisco Webex is a web conferencing software solution.

CVE-2025-20236 is an 'insufficient input validation' vulnerability with a CVSSv3 score of 8.8. If exploited, a remote, unauthenticated attacker could achieve remote code execution (RCE) by persuading the end user to click on a malicious meeting link.

Remediation advice

Affected organisations are encouraged to review Cisco Security Advisory cisco-sa-webex-app-client-rce-ufyMMYLC and apply the relevant updates as soon as practicable.

Definitive source of threat updates

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC

CVE Vulnerabilities

Status Published

CVE-2025-20236

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.

Last edited: 17 April 2025 11:58 am