How severe is CVE-2025-20255?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-20255?

This is classified as CWE-349, which is a common weakness in software security.

CVE-2025-20255 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service to return incorrect HTTP responses to clients.

Related Vulnerabilities

CVE-2024-21094

LOW

CVSS:3.7(Low)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: ...

CWE-3492024

CVE-2023-5548

MEDIUM

CVSS:5.3(Medium)

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

CWE-3492023

CVE-2024-34083

MEDIUM

CVSS:5.4(Medium)

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if t...

CWE-3492024

CVE-2023-3749

MEDIUM

CVSS:5.5(Medium)

A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.

CWE-3492023

CVE-2020-10751

MEDIUM

CVSS:6.1(Medium)

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrect...

CWE-3492020

CVE-2019-9535

CRITICAL

CVSS:9.8(Critical)

A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects...

CWE-3492019