Cisco Warns of Meeting Management API Privilege Escalation Vulnerability


Cisco has issued a critical advisory regarding a privilege escalation vulnerability in its Meeting Management REST API.

The flaw, tracked as CVE-2025-20156, allows a remote, authenticated attacker with low privileges to elevate their access to administrator-level control on affected devices, posing a significant threat to those systems.

Vulnerability Details

The vulnerability stems from improper authorization enforcement on the REST API.

An attacker can exploit this lapse by sending specially crafted API requests to a specific endpoint, potentially gaining unauthorized administrative control over edge nodes managed by Cisco Meeting Management.

This vulnerability has been assigned a CVSS Score of 9.9, indicating its criticality.

Cisco’s security team has urged all customers to act immediately to prevent potential exploitation. The advisory is published under the ID cisco-sa-cmm-privesc-uy2Vf8pc.

Affected Products

The vulnerability impacts all versions of Cisco Meeting ...


Copyright of this story solely belongs to gbhackers.