Summary: Cisco has issued a critical patch for a vulnerability in its Meeting Management feature that could allow remote attackers to gain administrator privileges. The vulnerability, identified as CVE-2025-20156, is due to insufficient authorization enforcement in the REST API. Users of Cisco Meeting Management 3.9 or earlier are urged to upgrade to a supported version to mitigate the risk.
Threat Actor: Remote attackers
Victim: Cisco Meeting Management users
Keypoints:
- Vulnerability tracked as CVE-2025-20156 with a CVSS score of 9.9.
- Attackers can exploit the REST API to gain administrator-level control.
- Users must upgrade to version 3.9.1 or later to address the vulnerability.