CVE-2025-20236

CVSS v3 Score: 8.8 (High)

Vulnerability Description

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.

CVSS: 8.8 (High)

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.

CVSS: 8.8 (High)

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP fi...

CVSS: 8.8 (High)

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on...

CVSS: 8.8 (High)

Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTM...

CVSS: 8.8 (High)

A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this ...

CVSS: 8.8 (High)

Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A use...