CVE-2025-20255: Acceptance of Extraneous Untrusted Data With Trusted Data in Cisco Webex Meetings

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 79.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published May 21

Description

A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 1 package

🔴 Vulnerability Details (2)

CVEList
CVE-2025-20255: A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses wi | 2025-05-21
GHSA
GHSA-jrwq-36rx-842c: A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses wi | 2025-05-21

📋 Vendor Advisories (1)

Cisco
Cisco Webex Meetings Services HTTP Cache Poisoning Vulnerability | 2025-05-21
CVE-2025-20255 — Cisco Webex Meetings vulnerability | cvebase