Cisco on Wednesday announced patches for three vulnerabilities, including a critical bug in Meeting Management and a medium flaw in ClamAV for which exploit code exists.

The critical-severity issue, tracked as CVE-2025-20156 (CVSS score of 9.9), affects the REST API of Meeting Management and can be exploited by remote attackers to elevate privileges to those of an administrator. The security defect exists due to improper authorization enforcement upon REST API users.

“An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management,” the tech giant explains.

According to Cisco, all devices running Meeting Management, regardless of their configuration settings, are affected and no workarounds exist.

Patches for the vulnerability were included in Meeting Management version 3.9.1. Users of version 3.8 and earlier of the software are advised to migrate to the fixed release. Version 3.10 is not affected.

On Wednesday, the tech giant also announced fixes for CVE-2025-20165, a high-severity bug in the SIP processing subsystem of Cisco BroadWorks, which could allow a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition.

Because certain SIP requests are not properly handled, an attacker could send a high number of such requests to a vulnerable system, exhausting the memory allocated to the BroadWorks Network Servers handling SIP traffic, causing a DoS condition that requires manual intervention to recover.

The flaw was addressed with the release of BroadWorks version RI.2024.11. Customers are advised to update to the patched iteration, as there are no workarounds for this bug.

Cisco says it is not aware of any public announcements or exploitation of any of these two vulnerabilities.

However, the tech giant warns that proof-of-concept (PoC) code exists for a third vulnerability resolved on Wednesday, which impacts the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV and is tracked as CVE-2025-20128.

The medium-severity issue is a heap buffer overflow read caused by an integer underflow in a bounds check, which allows an attacker to submit a crafted file containing OLE2 content. When scanned by ClamAV, the file would terminate the scanning process, causing a DoS condition.

Cisco addressed the vulnerability with Secure Endpoint Connector releases for Linux (version 1.25.1), macOS (version 1.24.4), Windows (versions 7.5.20 and 8.4.3), and cloud (version 4.2.0 with updated connectors).

“This vulnerability, which has a Medium Security Impact Rating (SIR), affects Linux, Mac, and Windows-based platforms. Exploitation of the vulnerability could cause the scanning process to crash, delaying or preventing further scanning operations. However, overall system stability is not affected,” Cisco notes.

The tech giant notes that, while PoC code for this vulnerability exists, it is not aware of the bug being exploited in the wild. Cisco has credited Google OSS-Fuzz for reporting the issue.

Cisco customers are advised to apply the patches as soon as possible. Additional information can be found on the company’s security advisories page.

Related: Bootloader Vulnerability Impacts Over 100 Cisco Switches

Related: Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability

Related: US Gathers Allies to Talk AI Safety as Trump’s Vow to Undo Biden’s AI Policy Overshadows Their Work

Related: Fitness App Strava Gives Away Location of Biden, Trump and other Leaders, French Newspaper Says