22Oca
CVE-2025-20156 | Cisco Meeting Management up to 3.9.0 REST API insufficient privileges (cisco-sa-cmm-privesc-uy2Vf8pc)
A vulnerability, which was classified as very critical, was found in Cisco Meeting Management up to 3.9.0. This affects an unknown part of the component REST API. The manipulation leads to improper handling of insufficient privileges. This vulnerability is uniquely identified as CVE-2025-20156. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.