April 18, 2025 By Sergiu Gatlan
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.
The flaw, tracked as CVE-2025-20236, was found in the Webex custom URL parser. Attackers can exploit it in low-complexity attacks by tricking users into downloading arbitrary files, which lets them execute arbitrary commands on systems running unpatched software.
"This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link," Cisco explained in a security advisory released this week.
| Cisco Webex App Release | First Fixed Release |
|---|---|
| 44.5 and earlier | Not vulnerable. |
| 44.6 | 44.6.2.30589 |
| 44.7 | Migrate to a fixed release. |
| 44.8 and later | Not vulnerable. |
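For triaging a software inventory against the table above, the following is an added example, not code from Cisco or from the article. It assumes installed versions are reported as dotted numeric strings like the `44.6.2.30589` shown in the table; the host names and the other version strings are constructed sample data.

```python
import re

# First fixed release for the 44.6 train, taken from the table above.
FIXED_44_6 = (44, 6, 2, 30589)


def parse_version(text):
    """Return a dotted version as a tuple of ints, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Map an installed Webex App version to an action for CVE-2025-20236."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"            # cannot decide: inspect the host manually
    train = version[:2]
    if train == (44, 6):
        # Pad short strings ("44.6") so they compare as the lowest build.
        padded = version + (0,) * (4 - len(version))
        # Integer tuple comparison: 44.6.10.x sorts after 44.6.2.x,
        # which a plain string comparison would get wrong.
        return "fixed" if padded >= FIXED_44_6 else "update"
    if train == (44, 7):
        return "migrate"            # table lists no fixed 44.7 build
    return "not-affected"           # 44.5 and earlier, 44.8 and later


def triage(inventory):
    """Return {host: action} for every host that needs attention."""
    results = {host: classify(ver) for host, ver in inventory}
    return {h: a for h, a in results.items() if a not in ("fixed", "not-affected")}


# Constructed inventory rows (host, reported version), for illustration only.
SAMPLE_INVENTORY = [
    ("laptop-01", "44.5.0.29672"),
    ("laptop-02", "44.6.0.29928"),
    ("laptop-03", "44.6.2.30589"),
    ("laptop-04", "44.7.0.30285"),
    ("laptop-05", "44.8.0.30404"),
    ("laptop-06", "not installed"),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

Hosts reported as `unknown` are kept in the output deliberately, so an unparseable version string is never silently treated as safe.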