CVE-2025-20236

HIGH

Cisco Webex App - Open Redirect

Title source: llm

Description

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.

Scores

CVSS v3: 8.8
EPSS: 0.0036
EPSS Percentile: 57.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-829
Status: published
Products (6)
cisco/webex_teams 44.6
cisco/webex_teams 44.6.0.29928
cisco/webex_teams 44.6.0.30148
cisco/webex_teams 44.7
cisco/webex_teams 44.7.0.30141
cisco/webex_teams 44.7.0.30285
Published: Apr 16, 2025
Tracked Since: Feb 18, 2026