Cisco Meeting Server vulnerable, patch needed
Briefly

Cisco addressed a serious vulnerability in its Meeting Management tool for the Cisco Meeting Server, reported by bug hunter Ben Leonard-Lagarde. The flaw, designated CVE-2025-20156, involved improper authorization for REST API users, which could lead to privilege escalation and allow cybercriminals to gain admin rights. While a patch has been released, users must upgrade their systems urgently, as almost all versions are affected. There is currently no information on whether the vulnerability has been actively exploited.
Cisco has fixed a critical vulnerability in its Meeting Management tool, which potentially allowed cybercriminals to gain admin rights by exploiting an API.
The vulnerability, publicized by Ben Leonard-Lagarde, involved incorrect authorization for REST API users in Cisco Meeting Server, allowing for privilege escalation.
Users of Cisco Meeting Management are urged to patch affected versions without delay, as almost all versions are vulnerable, with the exception of the latest release.
While a patch is available, it remains unclear if the vulnerability has already been exploited in the wild.
Read at Techzine Global