CVE-2025-20156
Cisco Meeting Management Client-Server Privilege Escalation Vulnerability
CVSS Score
9.9
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.
| CWE | CWE-274 |
| Vendor | cisco |
| Product | cisco meeting management |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Jan 22, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco meeting management
Be the first to know when new critical vulnerabilities affecting cisco cisco meeting management are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Cisco / Cisco Meeting Management
CMM3.4.0 CMM3.2.0 CMM2.9.1 CMM2.9.0 CMM3.1.0 CMM3.5.0 CMM3.6.0 CMM3.6.1 CMM3.7.0 CMM3.8.0 CMM3.9.0
References
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc blog.clamav.net: https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA