Cyber Security News

Cisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links

Cisco has disclosed a high-severity vulnerability in its widely used Webex App, warning users that attackers could exploit the flaw to execute arbitrary code on targeted computers.

Tracked as CVE-2025-20236, the vulnerability arises from improper input validation in the app’s custom URL parser, exposing users to remote code execution simply by clicking a specially crafted meeting invite link.

Overview of the vulnerability:

The vulnerability is tracked as CVE-2025-20236, classified with a high CVSS score of 8.8. The flaw exists due to insufficient input validation in the Webex App’s custom URL parser.

Below is a table summarizing the key vulnerability details and the affected product versions:

CVE IDVulnerable ProductAffected VersionsFixed Version(s)CVSS ScoreSeverity
CVE-2025-20236Cisco Webex App44.6, 44.744.6.2.30589, 44.8+8.8High

According to Cisco’s security advisory, the flaw stems from insufficient checks when the Webex App processes meeting invite links.

Attackers could craft malicious URLs that, when clicked by unsuspecting users, prompt the download of arbitrary files.

This could allow code execution with the current user’s privileges—opening the door to data theft, further malware installation, or lateral network movement.

No workarounds exist, making patching the only effective mitigation. Cisco has already released fixed versions and is urging all users to upgrade immediately.

The vulnerability can be exploited remotely without any authentication, although user interaction (clicking the link) is needed.

While Cisco’s Product Security Incident Response Team (PSIRT) reports no current public exploitation, the high CVSS score indicates significant risk.

“Exploitation could allow an unauthenticated, remote attacker to execute arbitrary commands on the host of the targeted user. Patching is mandatory, as no workarounds are available.”

Users on 44.6 or 44.7 must migrate to at least 44.6.2.30589 or any later secure release. Releases 44.5 and earlier, as well as 44.8 and later, are not affected.

Recommendations

  • Upgrade Immediately: Apply the latest Webex App patches from Cisco’s official download channels.
  • Be Cautious: Avoid clicking Webex meeting links from untrusted sources.
  • Monitor Cisco Advisories: Stay updated through Cisco Security Advisories.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections

PowerDNS has released a critical security update to address a vulnerability in its DNSdist load…

50 minutes ago

VanHelsing Ransomware Builder Exposed on Hacker Forums

The cybersecurity landscape reveal that the VanHelsing ransomware operation has experienced a significant security breach…

53 minutes ago

IBM Warns: One-Third of Cyber Attacks Use Advanced Tactics to Steal Login Credentials

IBM X-Force's 2024 cybersecurity report, nearly one-third of cyber intrusions now rely on identity-based attacks,…

1 hour ago

19-Year-Old Hacker Admits Guilt in Major Cyberattack on PowerSchool

Massachusetts college student stands accused of orchestrating a sweeping cyberattack on PowerSchool, a widely used…

1 hour ago

SideWinder APT Hackers Exploits Legacy Office Vulnerabilities to Deploy Malware Undetected

The Acronis Threat Research Unit (TRU) has revealed an advanced campaign believed to be orchestrated…

1 hour ago

Cellcom Confirms Cybersecurity Breach After Network Failure

Cellcom/Nsight has officially confirmed a cyberattack as the cause of a five-day service disruption affecting…

3 hours ago