Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.

Tracked as CVE-2025-20236, the flaw was found in the Webex custom URL parser and can be exploited by tricking users into downloading arbitrary files, which lets threat actors execute arbitrary commands on systems running unpatched software in low-complexity attacks.

"This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link," Cisco explained in a security advisory released this week.

"An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files."

This security bug impacts Cisco Webex App installations regardless of operating system or system configuration.

This week, Cisco also released security patches for a privilege escalation flaw (CVE-2025-20178) in the web-based management interface of Secure Network Analytics, which can let attackers with admin credentials run arbitrary commands as root.

Cisco also addressed a Nexus Dashboard vulnerability (CVE-2025-20150) that allows unauthenticated attackers to remotely enumerate LDAP user accounts and determine which usernames are valid.

However, the company's Product Security Incident Response Team (PSIRT) found no proof-of-concept exploits in the wild and no evidence of malicious activity targeting systems unpatched against the security flaws fixed this Wednesday.

Earlier this month, Cisco also warned admins to patch a critical Cisco Smart Licensing Utility (CSLU) static credential vulnerability (CVE-2024-20439) that exposes a built-in backdoor admin account and is now actively exploited in attacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 18 Apr 2025 12:10:14 +0000