Cisco Webex bug lets hackers gain code execution via meeting links
Published on: 2025-04-21 10:09:55
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.
Tracked as CVE-2025-20236, this security flaw was found in the Webex custom URL parser. It can be exploited in low-complexity attacks by tricking users into downloading arbitrary files, which lets threat actors execute arbitrary commands on systems running unpatched software.
"This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link," Cisco explained in a security advisory released this week.
"An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user."
This security bug impacts Cisco Webex App installations regardless of operating system or system