Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint Connector. Proof-of-concept (PoC) exploit code for CVE-2025-20128 is available, Cisco said, but the company is not aware of the vulnerability being exploited in the wild. Credit for reporting the flaw has been given to OSS-Fuzz, Google’s continuous fuzzing … More
The post Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw appeared first on Help Net Security.
