
The vulnerability ID is CVE-2025-20156; it’s described as a privilege escalation flaw in the Cisco Meeting Management REST API.
“This vulnerability exists because proper authorization is not enforced upon REST API users, – Cisco reports. – An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.”
CVE-2025-20156 affects the following product versions regardless of configuration:
- Cisco Meeting Management v. 3.9 (fixed in version 3.9.1); and
- Cisco Meeting Management v. 3.8 and earlier (it’s recommended to upgrade to a fixed version).
Cisco Meeting Management v. 3.10 isn’t vulnerable.
Earlier this week, Cisco released a patch to fix a BroadWorks DoS vulnerability caused by improper memory handling for certain Session Initiation Protocol (SIP) requests. The vulnerability ID is CVE-2025-20165 (CVSS score: 7.5), and it was fixed in version RI.2024.11.
“An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system, – Cisco reports. – A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.”
The third vulnerability fixed by Cisco this week is CVE-2025-20128 (CVSS Score: 5.3). This is an integer overflow error that affects the Object Linking and Embedding 2 (OLE2) decryption procedure in ClamAV. This bug can also result in a denial of service (DoS). Cisco emphasized that a PoC exploit is already available for this vulnerability.

2025.02.03 — PyPI introduces a project archival system to combat malicious updates
The Python Package Index (PyPI) introduces a new project archival system: a project can now be archived to notify users that it's not expected to be updated…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.04.01 — Hackers abuse MU plugins to inject malicious payloads to WordPress
According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected. The technique was first discovered…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →
2025.01.27 — Zyxel firewalls reboot due to flawed update
Zyxel warned its customers that a recent signature update may cause critical errors in USG FLEX and ATP series firewalls. As a result, devices go into…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →