CVE-2025-20236

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Apr 16, 2025

Updated: Apr 17, 2025

CWE ID 829

Summary

CVE-2025-20236 is a vulnerability affecting the custom URL parser in Cisco Webex App. This issue allows unauthenticated, remote attackers to persuade users to download arbitrary files, potentially enabling the execution of arbitrary commands on the targeted user's host. The vulnerability arises from insufficient input validation during the processing of meeting invite links. An attacker can exploit this weakness by crafting a malicious meeting invite link, leading users to inadvertently download harmful files and granting the attacker control over the targeted system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/5RwupU
https://www.cve.org/CVERecord?id=CVE-2025-20236
https://nvd.nist.gov/vuln/detail/CVE-2025-20236

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-20236

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations