Cisco Patches Critical Vulnerability in Meeting Management

Cisco has released patches for three vulnerabilities, including a critical privilege escalation bug and a DoS flaw for which exploit code exists.

Cisco on Wednesday announced patches for three vulnerabilities, including a critical bug in Meeting Management and a medium flaw in ClamAV for which exploit code exists.

The critical-severity issue, tracked as CVE-2025-20156 (CVSS score of 9.9), affects the REST API of Meeting Management and can be exploited by remote attackers to elevate privileges to those of an administrator. The security defect exists due to improper authorization enforcement upon REST API users.

“An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management,” the tech giant explains.

According to Cisco, all devices running Meeting Management, regardless of their configuration settings, are affected and no ...