CVE-2025-20156
CRITICALDescription
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cisco | meeting_management |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-20156? +
How severe is CVE-2025-20156? +
What products are affected by CVE-2025-20156? +
How do I check if I'm vulnerable to CVE-2025-20156? +
Related Vulnerabilities
Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value …
spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.
NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful …
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an …
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action …
Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.