Saturday, May 3, 2025
HomeCVE/vulnerabilityCisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links

Cisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links

Published on

SIEM as a Service

Follow Us on Google News

Cisco has disclosed a high-severity vulnerability in its widely used Webex App, warning users that attackers could exploit the flaw to execute arbitrary code on targeted computers.

Tracked as CVE-2025-20236, the vulnerability arises from improper input validation in the app’s custom URL parser, exposing users to remote code execution simply by clicking a specially crafted meeting invite link.

Overview of the vulnerability:

The vulnerability is tracked as CVE-2025-20236, classified with a high CVSS score of 8.8. The flaw exists due to insufficient input validation in the Webex App’s custom URL parser.

- Advertisement - Google News

Below is a table summarizing the key vulnerability details and the affected product versions:

CVE IDVulnerable ProductAffected VersionsFixed Version(s)CVSS ScoreSeverity
CVE-2025-20236Cisco Webex App44.6, 44.744.6.2.30589, 44.8+8.8High

According to Cisco’s security advisory, the flaw stems from insufficient checks when the Webex App processes meeting invite links.

Attackers could craft malicious URLs that, when clicked by unsuspecting users, prompt the download of arbitrary files.

This could allow code execution with the current user’s privileges—opening the door to data theft, further malware installation, or lateral network movement.

No workarounds exist, making patching the only effective mitigation. Cisco has already released fixed versions and is urging all users to upgrade immediately.

The vulnerability can be exploited remotely without any authentication, although user interaction (clicking the link) is needed.

While Cisco’s Product Security Incident Response Team (PSIRT) reports no current public exploitation, the high CVSS score indicates significant risk.

“Exploitation could allow an unauthenticated, remote attacker to execute arbitrary commands on the host of the targeted user. Patching is mandatory, as no workarounds are available.”

Users on 44.6 or 44.7 must migrate to at least 44.6.2.30589 or any later secure release. Releases 44.5 and earlier, as well as 44.8 and later, are not affected.

Recommendations

  • Upgrade Immediately: Apply the latest Webex App patches from Cisco’s official download channels.
  • Be Cautious: Avoid clicking Webex meeting links from untrusted sources.
  • Monitor Cisco Advisories: Stay updated through Cisco Security Advisories.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at...

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to...

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid...

NVIDIA Riva AI Speech Flaw Let Hackers Gain Unauthorized Access to Abuse GPU Resources & API keys

Researchers have uncovered significant security vulnerabilities in NVIDIA Riva, a breakthrough AI speech technology...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at...

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid...

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to...