Cisco Webex Meetings Vulnerability Allows Attackers to Manipulate HTTP Responses

Cisco has disclosed a medium-severity vulnerability (CVE-2025-20255) affecting its cloud-based Webex Meetings platform, specifically the client join services.

This flaw, identified by advisory ID Cisco-Sa-Webex-Cache-Q4xbkQBG and Cisco Bug ID CSCwo66106, could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service.

The vulnerability was assigned a CVSS 3.1 base score of 4.3, indicating a moderate risk level.

The root cause of the vulnerability is improper handling of malicious HTTP requests by the affected service.

When exploited, this issue enables an attacker to perform HTTP cache poisoning—a technique where a web cache is tricked into storing and subsequently serving a malicious or incorrect HTTP response to unsuspecting clients.

In this scenario, attackers could manipulate stored HTTP responses, causing the Webex Meetings service to return incorrect or potentially harmful data to users attempting to join meetings.

Technical Details: How HTTP Cache Poisoning Works

HTTP cache poisoning exploits weaknesses in how web applications or APIs handle and cache HTTP responses.

If an application fails to properly sanitize user-supplied input, such as headers like Accept-Language or User-Agent, an attacker can craft a request that injects malicious content into the cache.

Subsequent users requesting the same resource may then receive the poisoned response, potentially leading to information leakage, session hijacking, or other security issues.

A simplified example of a cache poisoning attack involves sending a request with a manipulated header:

textGET https://example.com/meetings/join HTTP/1.1
Host: example.com
Accept-Language: <script>alert('poisoned');</script>

If the application echoes this header value in its response without sanitization, and the cache does not key on the Accept-Language header, all users requesting the same URL could receive the attacker’s injected script.

In the case of Cisco Webex Meetings, the vulnerability stemmed from similar improper handling of HTTP requests within the client join services, allowing attackers to poison the cache and disrupt normal service operation.

Impact, Remediation, and Industry Response

The vulnerability affects only Cisco Webex Meetings’ cloud-based services. No on-premises software or devices are impacted, and Cisco has confirmed that no other products are vulnerable.

There are no available workarounds; however, Cisco has already addressed the issue on the affected cloud service, requiring no action from customers.

The company advises users seeking further information to contact the Cisco Technical Assistance Center (TAC).

Importantly, Cisco’s Product Security Incident Response Team (PSIRT) has not observed any public exploitation or malicious use of this vulnerability as of the advisory’s publication.

The vulnerability was responsibly reported by security researcher Matthew B. Johnson (d3d), and Cisco has publicly acknowledged his contribution.

Key Technical Codes and References

• CVE Identifier: CVE-2025-20255
• CWE Reference: CWE-349 (Acceptance of Malicious Input)
• CVSS Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
• Cisco Bug ID: CSCwo66106
• Advisory ID: cisco-sa-webex-cache-Q4xbkQBG

This incident underscores the importance of robust input validation and secure caching mechanisms in cloud-based services.

While the risk to users is mitigated by Cisco’s prompt response, organizations are reminded to remain vigilant and stay informed about security advisories affecting their critical collaboration tools.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates