Cisco Warns of Meeting Management API Privilege Escalation Vulnerability

Cisco has issued a critical advisory regarding a privilege escalation vulnerability in its Meeting Management REST API.

The flaw tracked as CVE-2025-20156, allows a remote, authenticated attacker with low privileges to elevate their access to administrator-level control on affected devices, posing a significant threat to affected systems.

Vulnerability Details

The vulnerability stems from improper authorization enforcement on the REST API.

By exploiting this security lapse, attackers can send specially crafted API requests to a specific endpoint, potentially gaining unauthorized administrative control over edge nodes managed by Cisco Meeting Management.

This vulnerability has been assigned a CVSS Score of 9.9, indicating its criticality.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Cisco’s security team has urged all customers to act immediately to prevent potential exploitation. The advisory is published under the ID cisco-sa-cmm-privesc-uy2Vf8pc.

Affected Products

The vulnerability impacts all versions of Cisco Meeting Management before version 3.9.1. The breakdown of affected versions is as follows:

• Cisco Meeting Management 3.8 and earlier: Vulnerable. Users must migrate to a fixed release.
• Cisco Meeting Management 3.9: Vulnerable but fixed in version 3.9.1.
• Cisco Meeting Management 3.10: Not affected.

Cisco has clarified that only products explicitly listed in the advisory are affected.

The advisory confirmed that no workarounds are available to mitigate this vulnerability. Customers are advised to upgrade to the fixed software as the sole remediation.

Cisco has released free security updates for eligible customers to address the vulnerability. Users with valid service contracts or licenses can access the fixed software via their usual update channels.

Fixed releases include version 3.9.1 for affected Cisco Meeting Management installations. Customers should verify hardware and software compatibility before performing upgrades to ensure the safety and stability of their systems.

The Cisco Product Security Incident Response Team (PSIRT) has not observed any public exploitation or malicious use of this vulnerability. Nevertheless, users are strongly encouraged to act preemptively to secure their systems.

Cisco advises all impacted customers to perform the necessary updates promptly. Those without service contracts or unable to access updates through regular channels can contact the Cisco Technical Assistance Center (TAC) for support.

This critical vulnerability underscores the importance of staying vigilant and applying updates promptly to mitigate security risks.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar