CVE-2025-20236

Published Apr 16, 2025

Last updated 2 months ago

CVSS high 8.8

Overview

Description
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.
Source
psirt@cisco.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@cisco.com
CWE-829

Social media

Hype score
Not currently trending

  1. Cisco Webexに深刻なRCE脆弱性、会議リンク経由で不正コード実行の恐れ(CVE-2025-20236) https://t.co/ghTSUL4wxe #izumino_trend

    @sec_trend

    23 Apr 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Cisco Webexに深刻なRCE脆弱性、会議リンク経由で不正コード実行の恐れ(CVE-2025-20236) #セキュリティ対策Lab #セキュリティ #Security https://t.co/nR6bcLWfMT

    @securityLab_jp

    23 Apr 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Security Advisory: A malware campaign is exploiting a Cisco Webex vulnerability (CVE-2025-20236) to run malicious code via fake meeting links. 🔒 Update your Webex App, avoid unknown links, and monitor for unusual activity. Details: https://t.co/z4mYC2c2zC https://t.co/mOBamysY

    @vdsusa

    22 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. The Webex custom URL parse flaw is tracked as CVE-2025-20236. https://t.co/KiZvV90QjY

    @riskigy

    21 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Critical Cisco Webex vulnerability (CVE-2025-20236) allows remote code execution just by clicking a meeting link. Patch immediately if you're on versions 44.6-44.7. Details: https://t.co/5bNxuQIQxA

    @RedTeamNewsBlog

    20 Apr 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-20236 : Cisco Webex bug lets hackers gain code execution via meeting links https://t.co/ldSNYDcrCF

    @freedomhack101

    19 Apr 2025

    16 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Router esposti e VPN sotto attacco: vulnerabilità critiche nei dispositivi ASUS, SonicWall e Cisco Webex Sicurezza Informatica, asus aicloud bypass, autenticazione, Cisco Webex, cve-2025-20236, exploit, remote code execution client, router, sma, sonicwal… https://t.co/c979gLs3SC

    @matricedigitale

    18 Apr 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CVE-2025-20236 🔴 HIGH (8.8) 🏢 Cisco - Cisco Webex Teams 🏗️ 44.6 🔗 https://t.co/lkCml9WFd0 #CyberCron #VulnAlert #InfoSec https://t.co/Ynquo8PCWQ

    @cybercronai

    18 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Critical vulnerability (CVE-2025-20236) in Cisco Webex allows code execution via malicious meeting links. Upgrade to versions 44.8+ to protect against potential threats. #Cisco #Webex #USA link: https://t.co/USTETiurgM https://t.co/Zo4DmiTDqX

    @TweetThreatNews

    17 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Cisco patches critical Webex App vulnerability (CVE-2025-20236) allowing unauthenticated RCE via malicious meeting links. Update now to stay secure! 🔒 https://t.co/NoXraj5F3b #Cybersecurity #Webex

    @_F2po_

    17 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. ⚡️The vulnerability details are now available: https://t.co/Ly7Wra81il 🚨🚨CVE-2025-20236(CVSS: 8.8): Critical RCE flaw in Cisco Webex App! Attackers can exploit weak input validation via malicious meeting links to drop arbitrary files on your device—no auth needed! ZoomEye ht

    @zoomeye_team

    17 Apr 2025

    619 Impressions

    1 Retweet

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  12. 🚨 Cisco has disclosed 3 major vulnerabilities impacting Webex App, Secure Network Analytics, and Nexus Dashboard — including a critical RCE flaw (CVE-2025-20236). Learn more: https://t.co/cAge6mVbzV #CyberSecurity #Cisco #Infosec #Vulnerability

    @threatsbank

    17 Apr 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨Alert🚨 CVE-2025-20236 :Unauthenticated RCE Flaw in Webex App via Malicious Meeting Links 📊10K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/2qHYBeHsKe 👇Query HUNTER : https://t.co/q9rtuGfZuz="Cisco Webex App" FOFA : https://t.co/CPEWOe

    @HunterMapping

    17 Apr 2025

    1748 Impressions

    8 Retweets

    21 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.