Cisco Meeting Management Vulnerability Let Attackers Elevate Privileges to Administrator

A critical security vulnerability has been identified in Cisco Meeting Management, potentially allowing attackers with low-level access to elevate their privileges to administrator.

The flaw, tracked as CVE-2025-20156, resides in the REST API of Cisco Meeting Management and stems from inadequate enforcement of authorization for REST API users.

Exploiting this vulnerability requires an attacker to send specially crafted API requests to a specific endpoint. If successful, the attacker could gain administrator-level control over edge nodes managed by Cisco Meeting Management.

This vulnerability is particularly concerning as it could enable attackers to compromise critical systems by escalating their privileges. However, only authenticated users with low-level access can exploit the flaw, limiting its scope compared to unauthenticated vulnerabilities.

Cisco Meeting Management Vulnerability

The vulnerability affects all versions of Cisco Meeting Management prior to version 3.9.1. Users running versions earlier than 3.9 are advised to migrate to a fixed release. The first fixed releases are as follows:

  • 3.9.1: Vulnerability patched.
  • 3.10: Not affected.
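As an added example (not from the advisory or from Cisco), the following helper encodes the affected range above so that an inventory of Cisco Meeting Management hosts can be triaged. Hostnames and version strings in the sample are constructed, and the script assumes release numbers are plain dotted integers.

```python
from __future__ import annotations

# Per the advisory: releases before 3.9.1 are affected, 3.9.1 is the first
# patched 3.9 build, and 3.10 and later are not affected.
FIRST_FIXED = (3, 9, 1)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted release string such as '3.9.1' into a comparable tuple.

    Comparing tuples of ints avoids the string-comparison trap where
    '3.10' sorts before '3.9'. Missing components count as zero, so
    '3.9' compares equal to '3.9.0'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def is_affected(version: str) -> bool:
    """True when the release predates 3.9.1 and therefore needs the update."""
    return parse_version(version) < FIRST_FIXED


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split a host -> version inventory into upgrade / ok / unknown buckets."""
    report: dict[str, list[str]] = {"upgrade": [], "ok": [], "unknown": []}
    for host, version in inventory.items():
        try:
            bucket = "upgrade" if is_affected(version) else "ok"
        except ValueError:
            bucket = "unknown"  # unparsable version: check the host by hand
        report[bucket].append(host)
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not data from the advisory.
    sample = {
        "cmm-01.example": "3.8.2",
        "cmm-02.example": "3.9",
        "cmm-03.example": "3.9.1",
        "cmm-04.example": "3.10",
        "cmm-05.example": "n/a",
    }
    print(triage(sample))
```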

Cisco has released free software updates addressing this vulnerability. Customers with valid service contracts can access the updates through their usual support channels or via the Cisco Support and Downloads page.

For those without service contracts, the Cisco Technical Assistance Center (TAC) can provide assistance in obtaining the necessary patches.

Cisco has issued a security advisory and released software updates to address the issue, urging users to upgrade immediately.

There are no available workarounds for this issue, making software updates the only viable solution for mitigating the risk.

Cisco strongly recommends that all customers:

  • Upgrade to version 3.9.1 or later immediately.
  • Verify that their devices have sufficient memory and compatible hardware configurations before upgrading.
  • Regularly review security advisories for all Cisco products to ensure comprehensive protection.

As of now, Cisco’s Product Security Incident Response Team (PSIRT) has not observed any active exploitation of this vulnerability in the wild.

The issue was discovered during internal security testing, highlighting proactive measures by Cisco to identify and address potential threats before they are exploited.

Organizations using Cisco Meeting Management should act swiftly to apply the necessary updates and safeguard their systems against potential attacks.
