CVE-2025-20255

Published May 21, 2025

Last updated 9 months ago

CVSS medium 4.3

Overview

Description
A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service to return incorrect HTTP responses to clients.
Source
psirt@cisco.com
NVD status
Analyzed
Products
webex_meetings

Risk scores

CVSS 3.1

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

psirt@cisco.com
CWE-349

Social media

Hype score
Not currently trending

  1. Yay, I did a thing for @Oracle knowing they were collaborating with @Akamai and I was applying for a job at Akamai, so I knew it couldn't hurt my chances. 🥰 Same with the Webex CVE-2025-20255 (I forgot about this CVE tbh🤣). TL;DR - I love hacking. 😜 https://t.co/fnLbDX

    @deadvolvo

    14 Feb 2026

    1389 Impressions

    2 Retweets

    27 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. Threat Alert: Cisco Webex Meetings Vulnerability Allows Attackers to Manipulate HTTP Responses CVE-2025-20255 Severity: 🟡 Medium Maturity: 🧨 Trending Learn more: https://t.co/Q34gAfBldo #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    23 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-20255 A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting… https://t.co/XMb47DX7LU

    @CVEnew

    21 May 2025

    280 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user-supplied input to the user profile component of Cisco Webex Meetings. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user.CVE-2025-20328
  2. A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of URLs that were included in a meeting-join URL. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by including a URL to a website of their choosing in a specific value of a Cisco Webex Meetings join URL. A successful exploit could have allowed the attacker to redirect a targeted user to a website that was controlled by the attacker, possibly making the user more likely to believe the website was trusted by Webex and perform additional actions as part of phishing attacks.CVE-2025-20291
  3. A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.CVE-2025-20250
  4. A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.CVE-2025-20246
  5. A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.CVE-2025-20247

References

Sources include official advisories and independent security research.