Login Sign Up

CVE-2025-20236

8.8 HIGH
Remote Code Execution

📋 TL;DR

A vulnerability in Cisco Webex App's URL parser allows unauthenticated remote attackers to trick users into downloading malicious files via crafted meeting invite links. This could lead to arbitrary command execution on the user's system with their privileges. All users running vulnerable versions of Cisco Webex App are affected.

💻 Affected Systems

Products:
  • Cisco Webex App
Versions: Versions prior to the fixed release
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations are vulnerable; requires user interaction (clicking malicious link).

📦 What is this software?

Webex Teams by Cisco

View all CVEs affecting Webex Teams →

Webex Teams by Cisco

View all CVEs affecting Webex Teams →

Webex Teams by Cisco

View all CVEs affecting Webex Teams →

Webex Teams by Cisco

View all CVEs affecting Webex Teams →

Webex Teams by Cisco

View all CVEs affecting Webex Teams →

Webex Teams by Cisco

View all CVEs affecting Webex Teams →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the user's device, data theft, lateral movement, and persistent access.

🟠

Likely Case

Malware installation leading to data exfiltration, ransomware deployment, or credential harvesting from the compromised system.

🟢

If Mitigated

Limited impact with user awareness preventing link clicks, endpoint protection blocking malicious downloads, or network filtering blocking exploit attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires social engineering but is technically simple once a user clicks the link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Cisco advisory for specific fixed versions

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC

Restart Required: Yes

Instructions:

1. Open Cisco Webex App. 2. Go to Help > Check for Updates. 3. Install available updates. 4. Restart the application.

🔧 Temporary Workarounds

Disable automatic URL handling

all

Configure Webex not to automatically process meeting links

Network filtering

all

Block suspicious meeting invite URLs at firewall/proxy

🧯 If You Can't Patch

  • Implement strict endpoint protection with file download scanning
  • Train users to avoid clicking unsolicited meeting links

🔍 How to Verify

Check if Vulnerable:

Check Webex App version against Cisco advisory; versions prior to fixed release are vulnerable.

Check Version:

In Webex App: Help > About Webex

Verify Fix Applied:

Confirm Webex App version matches or exceeds the patched version listed in Cisco advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file downloads triggered by Webex
  • Process execution from unexpected Webex-related paths

Network Indicators:

  • Outbound connections from Webex to unusual domains
  • Downloads of executable files via Webex

SIEM Query:

source="webex" AND (event="file_download" OR event="process_execution")

📊 Metadata

CVE ID: CVE-2025-20236
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-829
EPSS Score: 0.36% exploit probability (57.3th percentile)
Published: April 16, 2025
Last Updated: August 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-20236, you might also want to check these:

CVE-2026-1699 10.0

This CVE describes a critical GitHub Actions vulnerability in Eclipse Theia's website repository whe...

Same vulnerability type (CWE-829)
CVE-2022-1161 10.0

This vulnerability allows attackers with program modification access to alter user program code on R...

Same vulnerability type (CWE-829)
CVE-2025-0982 10.0

A sandbox escape vulnerability in Google Cloud Application Integration's JavaScript Task feature all...

Same vulnerability type (CWE-829)