Primary

Context

Cisco Webex App Custom URL Parser Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in Cisco Webex App, stemming from inadequate input validation in the custom URL parser. This issue allows an unauthenticated, remote attacker to convince a user to download arbitrary files, which could then be used to execute commands on the user's host. The vulnerability arises when the application processes a crafted meeting invite link.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected user's device, with the executed commands running under the user's privileges.

Remediation

Cisco has released software updates to address this vulnerability. Users can obtain these updates through their usual channels. For specific upgrade instructions, refer to the Cisco Security Vulnerability Policy.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Webex App Custom URL Parser Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cisco Webex App

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating