CVE-2025-20236

CWE-829 | 5 documents | 5 sources
Severity: 8.8 HIGH
EPSS: 0.4% (top 42.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 16
Latest update: Apr 18

Description

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: cisco/webex_teams, 6 versions +5
CVEListV5: cisco/cisco_webex_teams, 6 versions +5

🔴 Vulnerability Details (2)

CVEList: Cisco Webex App Client-Side Remote Code Execution Vulnerability (2025-04-16)
GHSA: GHSA-rv87-h47c-m27v: A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary f… (2025-04-16)

📋 Vendor Advisories (1)

Cisco: Cisco Webex App Client-Side Remote Code Execution Vulnerability (2025-04-16)

🕵️ Threat Intelligence (1)

Bleepingcomputer: Cisco Webex bug lets hackers gain code execution via meeting links (2025-04-18)