CVE-2025-20291

CWE-601Open Redirect4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.0%
top 93.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco Webex Meetings
Timeline
PublishedSep 3
Latest updateSep 9

Description

A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of URLs that were included in a meeting-join URL. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by including a URL

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-65ch-j3gf-4m56: A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrus2025-09-09
CVEList
CVE-2025-20291: A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrus2025-09-03

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings URL Redirection Vulnerability2025-09-03
CVE-2025-20291 (MEDIUM CVSS 6.1) | A vulnerability in Cisco Webex Meet | cvebase.io