
Critical Vulnerability in Cisco Meeting Management Demands Immediate Patching


The Download

Cisco has released a patch for a critical vulnerability (CVE-2025-20156) in its Meeting Management software, which carries a CVSS score of 9.9. This flaw arises from improper authorization enforcement in the REST API, allowing remote, authenticated users with low privileges to escalate their access to administrator level. By sending crafted API requests to specific endpoints, attackers can gain control over edge nodes within Cisco's video conferencing infrastructure. Exploiting this vulnerability could lead to unauthorized administrative access, potentially compromising the security and integrity of the organization's communication systems.


What You Can Do

To mitigate this risk, IT administrators should promptly apply the available software updates. Installations running Cisco Meeting Management 3.8 or earlier must migrate to a supported version, release 3.9 should be upgraded to version 3.9.1, and version 3.10 is not affected by this vulnerability. There are currently no workarounds for this issue, which makes timely patching essential. Although there are no known exploits in the wild, the critical nature of this flaw warrants immediate attention to prevent potential security breaches.
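The release guidance above can be applied to an asset inventory with a short script. This is an added example, not code from Cisco or from this page: the hostnames and version strings are constructed, the function names are hypothetical, and it assumes any 3.9.x release at or above 3.9.1 counts as fixed. Versions are compared as numbers, because a plain string comparison sorts "3.10" before "3.9" and would flag the unaffected release.

```python
import re

# First fixed release in the 3.9 train, as stated in the guidance above.
FIXED_39 = (3, 9, 1)


def parse_version(text):
    """Turn '3.9', 'v3.9.1' or '3.10.0' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def triage(version_text):
    """Map one Cisco Meeting Management version to the action for CVE-2025-20156."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown: verify version manually"
    train = version[:2]
    if train <= (3, 8):
        return "affected: migrate to a supported version"
    if train == (3, 9):
        # Assumption: 3.9.x releases at or above 3.9.1 carry the fix.
        if version < FIXED_39:
            return "affected: upgrade to 3.9.1"
        return "fixed"
    if train == (3, 10):
        return "not affected"
    return "not covered by this guidance: check the vendor advisory"


def triage_inventory(inventory):
    """Return {host: action} for a {host: version string} inventory."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory; real data would come from your CMDB or asset scan.
SAMPLE_INVENTORY = {
    "cmm-lab-01": "3.8.2",
    "cmm-hq-01": "3.9",
    "cmm-hq-02": "3.9.1",
    "cmm-dr-01": "3.10",
    "cmm-old-01": "n/a",
}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:8} {action}")
```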


ThreatMate scans your attack surfaces outside and behind the firewalls for vulnerabilities your adversaries are actively exploiting. Sign up for a demo today.

