Cisco has launched safety updates for a high-severity Webex vulnerability that permits unauthenticated attackers to achieve client-side distant code execution utilizing malicious assembly invite hyperlinks.
Tracked as CVE-2025-20236, this safety flaw was discovered within the Webex customized URL parser and might be exploited by tricking customers into downloading arbitrary recordsdata, which lets menace actors execute arbitrary instructions on programs operating unpatched software program in low complexity assaults.
“This vulnerability is because of inadequate enter validation when Cisco Webex App processes a gathering invite hyperlink,” Cisco defined in a safety advisory launched this week.
“An attacker might exploit this vulnerability by persuading a consumer to click on a crafted assembly invite hyperlink and obtain arbitrary recordsdata. A profitable exploit might permit the attacker to execute arbitrary instructions with the privileges of the focused consumer.”
This safety bug impacts Cisco Webex App installations no matter working system or system configuration. There are not any workarounds, so software program updates are required to dam potential exploitation makes an attempt.
Cisco Webex App Launch
First Fastened Launch
44.5 and earlier
Not weak.
44.6
44.6.2.30589
44.7
Migrate to a hard and fast launch.
44.8 and later
Not weak.
This week, Cisco additionally launched safety patches for a privilege escalation flaw (CVE-2025-20178) in Safe Community Analytics’ web-based administration interface, which might let attackers with admin credentials run arbitrary instructions as root.
Cisco additionally addressed a Nexus Dashboard vulnerability (CVE-2025-20150) that permits unauthenticated attackers to enumerate LDAP consumer accounts remotely and decide which usernames are legitimate.
Nevertheless, the corporate’s Product Safety Incident Response Group (PSIRT) discovered no proof-of-concept exploits within the wild and no proof of malicious exercise concentrating on programs unpatched in opposition to safety flaws mounted this Wednesday.
Earlier this month, Cisco additionally warned admins to patch a vital Cisco Sensible Licensing Utility (CSLU) static credential vulnerability (CVE-2024-20439) that exposes a built-in backdoor admin account and is now actively exploited in assaults.
In late March, CISA added the CVE-2024-20439 flaw to its Identified Exploited Vulnerabilities Catalog and ordered U.S. federal companies to safe their networks in opposition to ongoing assaults inside three weeks by April 21.
