CVE-2025-20291
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-03

Last updated on: 2025-09-09

Assigner: Cisco Systems, Inc.

Description
A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of URLs that were included in a meeting-join URL. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by including a URL to a website of their choosing in a specific value of a Cisco Webex Meetings join URL. A successful exploit could have allowed the attacker to redirect a targeted user to a website that was controlled by the attacker, possibly making the user more likely to believe the website was trusted by Webex and perform additional actions as part of phishing attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-03
Last Modified
2025-09-09
Generated
2026-06-16
AI Q&A
2025-09-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-20291
EUVD
EUVD-2025-26615
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco webex_meetings *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a URL redirection flaw in Cisco Webex Meetings caused by insufficient validation of URLs included in meeting-join URLs. An unauthenticated, remote attacker could craft a malicious Webex Meetings join URL containing a link to an attacker-controlled website. When a targeted user clicks this URL, they could be redirected to the malicious site, which might appear trusted due to its association with Webex, increasing the risk of phishing attacks. [1]

Impact Analysis

If exploited, this vulnerability could redirect you to an attacker-controlled website when clicking a malicious Webex Meetings join URL. This redirection could lead to phishing attacks, where the attacker might trick you into revealing sensitive information or performing harmful actions, as the malicious site may appear trustworthy because of its link to Webex. [1]

Detection Guidance

This vulnerability cannot be detected on your network or system using specific commands because it is a flaw in the cloud-based Cisco Webex Meetings service itself. There are no on-premises software or device updates related to this issue, and no detection commands or tools are provided. The vulnerability involves URL redirection through crafted meeting-join URLs, which would require monitoring user interactions with such URLs rather than network or system scanning. [1]

Mitigation Strategies

No immediate steps are required from customers to mitigate this vulnerability because Cisco has addressed the issue in the Webex Meetings service itself. There are no updates or workarounds needed on customer devices or software. Customers are advised to contact Cisco TAC or their maintenance providers if they need further assistance. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-20291. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart