CVE-2025-20329
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-12-01
Assigner: Cisco Systems, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | telepresence_collaboration_endpoint | From 9.0.0.0 (inc) to 9.15.18.5 (inc) |
| cisco | roomos | From 10.0.0.0 (inc) to 11.32.2.1 (exc) |
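The affected-version table above is the kind of data a defender checks an inventory against. The following triage helper is an added example (not code from BaseFortify or Cisco) that encodes the two ranges with their inclusive/exclusive bounds and flags hosts still inside them; it assumes versions are plain dotted numerics, and the inventory hostnames and versions are constructed.

```python
# Added example: triage a device inventory against the affected version
# ranges published for CVE-2025-20329. Not BaseFortify's or Cisco's code.

AFFECTED_RANGES = {
    # product -> list of (low, low_inclusive, high, high_inclusive), from the table
    "telepresence_collaboration_endpoint": [("9.0.0.0", True, "9.15.18.5", True)],
    "roomos": [("10.0.0.0", True, "11.32.2.1", False)],  # 11.32.2.1 is the fixed release
}


def parse_version(v):
    """Turn a dotted version such as '11.32.2.1' into a comparable tuple.
    Assumes purely numeric components; missing trailing components are
    padded with zeros so that '11.32' sorts like '11.32.0.0'."""
    parts = [int(p) for p in v.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError(f"unexpected version format: {v!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(product, version):
    """True if (product, version) falls inside any listed affected range."""
    pv = parse_version(version)
    for low, low_inc, high, high_inc in AFFECTED_RANGES.get(product, []):
        lo, hi = parse_version(low), parse_version(high)
        above_low = pv >= lo if low_inc else pv > lo
        below_high = pv <= hi if high_inc else pv < hi
        if above_low and below_high:
            return True
    return False


def triage(inventory):
    """inventory: iterable of (hostname, product, version). Returns hosts needing the fix."""
    return [host for host, product, version in inventory if is_affected(product, version)]


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("room-101", "roomos", "11.20.1.6"),                               # inside range
    ("room-102", "roomos", "11.32.2.1"),                               # fixed release, excluded
    ("room-103", "roomos", "11.32.2.2"),                               # newer than fix
    ("legacy-01", "telepresence_collaboration_endpoint", "9.15.18.5"), # inclusive upper bound
    ("legacy-02", "telepresence_collaboration_endpoint", "9.15.18.6"), # above upper bound
    ("legacy-03", "telepresence_collaboration_endpoint", "8.3.1.0"),   # below lower bound
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2025-20329, upgrade required")
```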
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an information disclosure flaw in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software. When SIP media component logging is enabled, unencrypted credentials are stored in audit logs. An authenticated remote attacker with valid administrative credentials can access these logs and view sensitive information, including credentials and potentially personally identifiable information (PII), in clear text. [1]
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with administrative access to obtain sensitive credentials and confidential information stored in the audit logs. This could lead to unauthorized access to confidential data, including personally identifiable information (PII), potentially compromising the security and privacy of affected systems and users. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability could negatively impact compliance with standards and regulations such as GDPR and HIPAA because it exposes personally identifiable information (PII) in clear text to attackers with administrative access. Unauthorized disclosure of PII may violate data protection requirements and lead to regulatory non-compliance. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether SIP media component logging is explicitly enabled on Cisco TelePresence Collaboration Endpoint (CE) or Cisco RoomOS Software devices. Because the flaw consists of unencrypted credentials being written to audit logs, checking for the presence and content of those logs is the key step. However, no specific detection commands are provided in the available resources. Access to the audit logs requires valid administrative credentials. It is recommended to review the device logging settings and the audit logs for unencrypted credentials related to SIP media components. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading affected Cisco TelePresence CE and RoomOS Software to the fixed releases: TelePresence CE and RoomOS version 11.32.2.1, or RoomOS July 2025 for cloud-aware deployments. Since no workarounds or temporary mitigations are available, upgrading to these patched software versions is strongly recommended. Additionally, verify device compatibility and memory requirements before upgrading, and contact Cisco TAC for assistance if needed. Disabling SIP media component logging, if it is enabled, can also reduce exposure. [1]