Acceptance of Extraneous Untrusted Data With Trusted Data

CVE-2025-20255

Medium

4.3/10

Summary

A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service to return incorrect HTTP responses to clients.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

References

Advisory Timeline

Published May 21, 2025

Acceptance of Extraneous Untrusted Data With Trusted Data

CVE-2025-20255

Summary

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS