Security News > 2020 > September > Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
Researchers are warning of a critical remote code-execution flaw in the Windows version of Cisco Jabber, the networking company's video-conferencing and instant-messaging application.
The flaw has a CVSS score of 9.9 out of 10, making it critical in severity, Cisco said in a Wednesday advisory.
An attacker could exploit the flaw by sending specially crafted Extensible Messaging and Presence Protocol messages to vulnerable end-user systems running Cisco Jabber for Windows.
The issue stems from Cisco Jabber improperly validating message contents; the application does not properly sanitize incoming HTML messages.
Cisco has released updates for different releases of affected Cisco Jabber.
News URL
https://threatpost.com/attackers-can-exploit-critical-cisco-jabber-flaw-with-one-message/158942/
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
- Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
- Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT (source)
- China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide (source)
- Exploit details for max severity Cisco IOS XE flaw now public (source)
- Cisco warns of ISE and CCP flaws with public exploit code (source)