PUBLISHED DATE: May 21, 2025CVE-2025-20255:
A vulnerability in client...

Description

A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service to return incorrect HTTP responses to clients.

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2025-20255, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2025-20255 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://capec.mitre.org/data/definitions/141.html
• https://capec.mitre.org/data/definitions/142.html
• https://capec.mitre.org/data/definitions/75.html
• https://nvd.nist.gov/vuln/detail/CVE-2025-20255