A critical security vulnerability has been identified in Cisco Meeting Management, potentially allowing attackers with low-level access to elevate their privileges to administrator.
The flaw, tracked as CVE-2025-20156, resides in the REST API of Cisco Meeting Management. It stems from inadequate enforcement of authorization for REST API users.
Exploiting this vulnerability requires an attacker to send specially crafted API requests to a specific endpoint. If successful, the attacker could gain administrator-level control over edge nodes managed by Cisco Meeting Management.
This vulnerability is particularly concerning as it could enable attackers to compromise critical systems by escalating their privileges. However, only authenticated users with low-level access can exploit the flaw, limiting its scope compared to vulnerabilities that require no authentication.
Cisco Meeting Management Vulnerability
The vulnerability affects all versions of Cisco Meeting Management prior to version 3.9.1. Users running versions earlier than 3.9 are…