CVE-2025-20329

CWE-532Log File Information Exposure4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.0%
top 85.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco RoomosCisco Telepresence Collaboration EndpointCisco Cisco Roomos Software
Timeline
PublishedOct 15

Description

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

CVEListV5cisco/cisco_roomos_software48 versions+47
NVDcisco/roomos10.0.0.011.32.2.1

🔴Vulnerability Details

2
CVEList
Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability2025-10-15
GHSA
GHSA-rvvf-ghr3-j46w: A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, rem2025-10-15

📋Vendor Advisories

1
Cisco
Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability2025-10-15
CVE-2025-20329 (MEDIUM CVSS 4.9) | A vulnerability in the logging comp | cvebase.io