Tuesday, May 20, 2025
HomeCVE/vulnerabilityCisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links

Cisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links

Published on

SIEM as a Service

Follow Us on Google News

Cisco has disclosed a high-severity vulnerability in its widely used Webex App, warning users that attackers could exploit the flaw to execute arbitrary code on targeted computers.

Tracked as CVE-2025-20236, the vulnerability arises from improper input validation in the app’s custom URL parser, exposing users to remote code execution simply by clicking a specially crafted meeting invite link.

Overview of the vulnerability:

The vulnerability is tracked as CVE-2025-20236, classified with a high CVSS score of 8.8. The flaw exists due to insufficient input validation in the Webex App’s custom URL parser.

- Advertisement - Google News

Below is a table summarizing the key vulnerability details and the affected product versions:

CVE IDVulnerable ProductAffected VersionsFixed Version(s)CVSS ScoreSeverity
CVE-2025-20236Cisco Webex App44.6, 44.744.6.2.30589, 44.8+8.8High

According to Cisco’s security advisory, the flaw stems from insufficient checks when the Webex App processes meeting invite links.

Attackers could craft malicious URLs that, when clicked by unsuspecting users, prompt the download of arbitrary files.

This could allow code execution with the current user’s privileges—opening the door to data theft, further malware installation, or lateral network movement.

No workarounds exist, making patching the only effective mitigation. Cisco has already released fixed versions and is urging all users to upgrade immediately.

The vulnerability can be exploited remotely without any authentication, although user interaction (clicking the link) is needed.

While Cisco’s Product Security Incident Response Team (PSIRT) reports no current public exploitation, the high CVSS score indicates significant risk.

“Exploitation could allow an unauthenticated, remote attacker to execute arbitrary commands on the host of the targeted user. Patching is mandatory, as no workarounds are available.”

Users on 44.6 or 44.7 must migrate to at least 44.6.2.30589 or any later secure release. Releases 44.5 and earlier, as well as 44.8 and later, are not affected.

Recommendations

  • Upgrade Immediately: Apply the latest Webex App patches from Cisco’s official download channels.
  • Be Cautious: Avoid clicking Webex meeting links from untrusted sources.
  • Monitor Cisco Advisories: Stay updated through Cisco Security Advisories.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Regeneron to Buy 23andMe for $256M Amid Growing Data Privacy Concerns

Biotechnology giant Regeneron Pharmaceuticals has emerged as the successful bidder in the bankruptcy auction...

CISA Includes MDaemon Email Server XSS Flaw in KEV Catalog

Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability affecting...

Hackers Use Weaponized RAR Archives to Deliver Pure Malware in Targeted Attacks

Russian organizations have become prime targets of a sophisticated malware campaign deploying the Pure...

Cyberattack on Serviceaide Compromises Data of 480,000 Catholic Health Patients

Data breach at Serviceaide, Inc., a technology vendor for Catholic Health, exposed sensitive information...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Regeneron to Buy 23andMe for $256M Amid Growing Data Privacy Concerns

Biotechnology giant Regeneron Pharmaceuticals has emerged as the successful bidder in the bankruptcy auction...

CISA Includes MDaemon Email Server XSS Flaw in KEV Catalog

Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability affecting...

Hackers Use Weaponized RAR Archives to Deliver Pure Malware in Targeted Attacks

Russian organizations have become prime targets of a sophisticated malware campaign deploying the Pure...