Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2025-20156

CRITICAL
Published 2025-01-22T16:21:20.333Z
Actions:

CVSS Score

V3.1
9.9
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.001
probability
of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.261
Higher than 26.1% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device.

This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.

Available Exploits

No exploits available for this CVE.

Related News

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a…

Help Net Security 2025-01-23 12:57
Read More
Cisco addresses a critical privilege escalation bug in Meeting Management

Cisco addressed a critical flaw in its Meeting Management that could allow it to gain administrator privileges on vulnerable instances. Cisco released security updates to fix a critical flaw, tracked as CVE-2025-20156 (CVSS score of 9.9) affecting its Meeting…

Securityaffairs.com 2025-01-23 08:17
Read More
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, ca…

Internet 2025-01-23 06:21
Read More
CVE-2025-20156 (CVSS 9.9): Cisco Meeting Management Flaw Allows for Privilege Escalation

Cisco has issued a security advisory addressing a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management software. The post CVE-2025-20156 (CVSS 9.9): Cisco Meeting Management Flaw Allows for Privilege Escalation appeared first on Cybersecurity News.

SecurityOnline.info 2025-01-23 02:44
Read More

Affected Products

Cisco

Cisco Meeting Management

Affected Versions:

CMM3.4.0 CMM3.2.0 CMM2.9.1 CMM2.9.0 CMM3.1.0 CMM3.5.0 CMM3.6.0 CMM3.6.1 CMM3.7.0 CMM3.8.0 CMM3.9.0

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
Published: 2025-01-22T16:21:20.333Z
Last Modified: 2025-01-29T15:18:06.406Z
Copied to clipboard!