Cisco Webex Services Cross-Site Scripting Vulnerabilities
TL;DR 📌
Cisco has identified multiple cross-site scripting (XSS) vulnerabilities in Cisco Webex Services that could allow an unauthenticated, remote attacker to conduct XSS attacks against users of the service. The vulnerabilities have been addressed, and no user action is required.
What happened 🕵️
Multiple vulnerabilities in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. These vulnerabilities arise from improper filtering of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user to follow a malicious link, which could lead to a successful XSS attack against the targeted user.
Affected products 🖥️
The vulnerabilities affect Cisco Webex, which is a cloud-based service.
Fixed software 🔧
Upgrade to at least the first fixed release in your train (or later):
| Product / Release Train | First Fixed Release | Notes |
|---|---|---|
| ISE / ISE-PIC 1.0 | Initial public release. |
Workarounds 🧯
There are no workarounds that address these vulnerabilities.
Risk in context 🎯
The highest CVSS score for these vulnerabilities is 6.1, classified as MEDIUM severity. While the risk is notable, Cisco has taken steps to mitigate the vulnerabilities, and there is currently no known public exploitation.
Fast facts ⚡
- Advisory ID: cisco-sa-webex-xss-7teQtFn8
- CVEs: CVE-2025-20250, CVE-2025-20246, CVE-2025-20247
- CVSS Score: 6.1 (MEDIUM)
- No user action required for updates.
For leadership 🧭
It is crucial for leadership to be aware of these vulnerabilities and the swift action taken by Cisco to address them. Regular communication with the Cisco Technical Assistance Center (TAC) is recommended for any further inquiries or support regarding security vulnerabilities.