CVE-2025-20236
HIGHDescription
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.
Is your site exposed to CVE-2025-20236?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cisco | webex_teams |
| cisco | webex_teams |
| cisco | webex_teams |
| cisco | webex_teams |
| cisco | webex_teams |
| cisco | webex_teams |
References
Frequently Asked Questions
What is CVE-2025-20236? +
How severe is CVE-2025-20236? +
What products are affected by CVE-2025-20236? +
How do I check if I'm vulnerable to CVE-2025-20236? +
Related Vulnerabilities
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota plugin add` and `kiota plugin generate` (with …
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota info` read x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand plus dependency name and …
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the …
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, …
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an …
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those …