Cisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links

Summary: Cisco has warned of a critical vulnerability (CVE-2025-20236) in its Webex App that could allow attackers to execute arbitrary code on user systems by manipulating meeting invite links. This flaw, stemming from improper input validation, carries a high CVSS score of 8.8 and requires user interaction to exploit. Cisco has released patches and urges users to upgrade immediately to avoid potential data theft or further malware installation.

Affected: Cisco Webex App

Key points:

  • Flaw arises from insufficient input validation in the app’s custom URL parser.
  • Exploitation does not require authentication but needs the victim to click a malicious link.
  • Users on versions 44.6 or 44.7 must upgrade to at least 44.6.2.30589.
  • No workarounds exist; immediate patching is necessary.
  • Cisco’s security advisory emphasizes the significant risk, although no public exploitation has been reported so far.

Source: https://gbhackers.com/cisco-webex-vulnerability/