Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
Briefly

Cisco released software updates to fix a critical vulnerability in Meeting Management, tracked as CVE-2025-20156, which allows remote attackers to escalate privileges to administrator level. With a CVSS score of 9.9, the flaw stems from inadequate authorization checks in the REST API. It affects multiple versions of the software. Additionally, Cisco issued patches for a denial-of-service vulnerability (CVE-2025-20165) in BroadWorks, caused by improper memory handling of SIP requests, which could result in service outages.
"This vulnerability exists because proper authorization is not enforced upon REST API users," the company said in a Wednesday advisory. "An attacker could exploit this vulnerability by sending API requests to a specific endpoint."
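The advisory's root cause, authentication without authorization on a REST endpoint, is a generic bug class that is easy to illustrate. The following is an added example and not Cisco's code: the endpoint path `/api/v1/users/role`, the `admin`/`user` roles, the account names and the in-memory account store are all constructed for illustration. It places the vulnerable pattern (the handler trusts any authenticated session) beside the corrected one (a role check runs before the privileged action and every decision is written to an audit log, which is what a defender would monitor for unexpected denials or privileged calls from non-admin sessions).

```python
"""Authorization check on a privileged REST endpoint (hypothetical example)."""
import logging
from dataclasses import dataclass
from typing import Callable, Dict

log = logging.getLogger("api.audit")


class Forbidden(Exception):
    """Raised when an authenticated caller lacks the role an endpoint requires."""


@dataclass(frozen=True)
class Request:
    path: str
    caller: str        # authenticated account name (authentication already done)
    caller_role: str   # role attached to the caller's session: "user" or "admin"
    target: str        # account the endpoint acts on
    new_role: str      # role to assign to the target account


def new_store() -> Dict[str, str]:
    """Constructed sample account store: two ordinary users and one admin."""
    return {"alice": "user", "carol": "user", "bob": "admin"}


def promote_unchecked(req: Request, store: Dict[str, str]) -> dict:
    """Vulnerable pattern: the session is authenticated, but the handler never
    asks whether this caller is allowed to change roles. Any logged-in user
    can therefore make any account (including their own) an administrator."""
    store[req.target] = req.new_role
    return {"status": 200, "account": req.target, "role": store[req.target]}


def require_role(role: str) -> Callable:
    """Decorator that enforces authorization before the handler body runs and
    records the decision, so denials are visible to detection tooling."""
    def decorator(handler: Callable) -> Callable:
        def wrapper(req: Request, store: Dict[str, str]) -> dict:
            if req.caller_role != role:
                log.warning("DENY path=%s caller=%s role=%s target=%s",
                            req.path, req.caller, req.caller_role, req.target)
                raise Forbidden(f"{req.path} requires role {role!r}")
            log.info("ALLOW path=%s caller=%s role=%s target=%s",
                     req.path, req.caller, req.caller_role, req.target)
            return handler(req, store)
        return wrapper
    return decorator


@require_role("admin")
def promote_checked(req: Request, store: Dict[str, str]) -> dict:
    """Hardened handler: identical body, but only reachable by an admin session."""
    store[req.target] = req.new_role
    return {"status": 200, "account": req.target, "role": store[req.target]}


# Route table for the hardened API; the unchecked handler is deliberately absent.
ROUTES: Dict[str, Callable] = {"/api/v1/users/role": promote_checked}


def dispatch(req: Request, store: Dict[str, str]) -> dict:
    """Minimal router that turns an authorization failure into a 403 response."""
    handler = ROUTES.get(req.path)
    if handler is None:
        return {"status": 404, "error": "no such endpoint"}
    try:
        return handler(req, store)
    except Forbidden as exc:
        return {"status": 403, "error": str(exc)}


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(name)s %(levelname)s %(message)s")
    self_promote = Request("/api/v1/users/role", "alice", "user", "alice", "admin")

    store = new_store()
    print("unchecked:", promote_unchecked(self_promote, store), store["alice"])

    store = new_store()
    print("checked:  ", dispatch(self_promote, store), store["alice"])
```

Run with `python3 example.py`: the unchecked call returns 200 and leaves `alice` as an administrator, while the dispatched call returns 403 with a `DENY` line in the audit log and the store unchanged. The design point is that the role check lives in one decorator applied at the route, not in each handler body, so a new privileged endpoint cannot be added without an explicit authorization decision.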
Read at The Hacker News