Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability

4.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Description

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII).
Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials.

Basic Information

ID CVE-2025-20329

Source cisco

Published Oct 15, 2025 at 16:14

Affected Product

Vendor Cisco

Product Cisco RoomOS Software

Version RoomOS 10.11.2.2

Affected Versions Cisco Cisco RoomOS Software RoomOS 10.11.2.2
Cisco Cisco RoomOS Software RoomOS 10.15.2.2
Cisco Cisco RoomOS Software RoomOS 11.5.4.6
Cisco Cisco RoomOS Software RoomOS 11.5.2.4
Cisco Cisco RoomOS Software RoomOS 10.8.2.5
Cisco Cisco RoomOS Software RoomOS 10.11.5.2
Cisco Cisco RoomOS Software RoomOS 10.11.3.0
Cisco Cisco RoomOS Software RoomOS 10.15.5.3
Cisco Cisco RoomOS Software RoomOS 10.19.2.2
Cisco Cisco RoomOS Software RoomOS 11.1.3.1
Cisco Cisco RoomOS Software RoomOS 10.11.6.0
Cisco Cisco RoomOS Software RoomOS 10.19.3.0
Cisco Cisco RoomOS Software RoomOS 10.19.4.2
Cisco Cisco RoomOS Software RoomOS 10.3.2.4
Cisco Cisco RoomOS Software RoomOS 10.3.4.0
Cisco Cisco RoomOS Software RoomOS 10.15.3.0
Cisco Cisco RoomOS Software RoomOS 11.1.4.1
Cisco Cisco RoomOS Software RoomOS 11.14.2.3
Cisco Cisco RoomOS Software RoomOS 11.1.2.4
Cisco Cisco RoomOS Software RoomOS 10.8.3.1
Cisco Cisco RoomOS Software RoomOS 11.14.2.1
Cisco Cisco RoomOS Software RoomOS 10.3.3.0
Cisco Cisco RoomOS Software RoomOS 10.8.4.0
Cisco Cisco RoomOS Software RoomOS 10.15.4.1
Cisco Cisco RoomOS Software RoomOS 10.19.5.6
Cisco Cisco RoomOS Software RoomOS 10.11.4.1
Cisco Cisco RoomOS Software RoomOS 11.9.3.1
Cisco Cisco RoomOS Software RoomOS 11.5.3.3
Cisco Cisco RoomOS Software RoomOS 10.3.2.0
Cisco Cisco RoomOS Software RoomOS 11.9.2.4
Cisco Cisco RoomOS Software RoomOS 11.14.3.0
Cisco Cisco RoomOS Software RoomOS 11.17.2.2
Cisco Cisco RoomOS Software RoomOS 11.14.4.0
Cisco Cisco RoomOS Software RoomOS 10.19 StepUpg
Cisco Cisco RoomOS Software RoomOS 11.17.3.0
Cisco Cisco RoomOS Software RoomOS 11.20.2.3
Cisco Cisco RoomOS Software RoomOS 11.14.5.0
Cisco Cisco RoomOS Software RoomOS 11.17.4.0
Cisco Cisco RoomOS Software RoomOS 11.20.3.0
Cisco Cisco RoomOS Software RoomOS 11.23.1.6
Cisco Cisco RoomOS Software RoomOS 11.23.1.8
Cisco Cisco RoomOS Software RoomOS 11.24.1.5
Cisco Cisco RoomOS Software RoomOS 11.24.2.4
Cisco Cisco RoomOS Software RoomOS 11.24.3.0
Cisco Cisco RoomOS Software RoomOS 11.24.4.1
Cisco Cisco RoomOS Software RoomOS 11.27.2.0
Cisco Cisco RoomOS Software RoomOS 11.28.1.3
Cisco Cisco RoomOS Software RoomOS 11.27.3.0

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-inf-disc-qGgsbxAm

{
    "lastseen": "",
    "description": "A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII).\r\nNote: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials.",
    "published": "2025-10-15T16:14:59.904Z",
    "modified": "2025-10-15T16:14:59.904Z",
    "type": "cve",
    "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-inf-disc-qGgsbxAm",
    "id": "CVE-2025-20329",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco RoomOS Software RoomOS 10.11.2.2\nCisco Cisco RoomOS Software RoomOS 10.15.2.2\nCisco Cisco RoomOS Software RoomOS 11.5.4.6\nCisco Cisco RoomOS Software RoomOS 11.5.2.4\nCisco Cisco RoomOS Software RoomOS 10.8.2.5\nCisco Cisco RoomOS Software RoomOS 10.11.5.2\nCisco Cisco RoomOS Software RoomOS 10.11.3.0\nCisco Cisco RoomOS Software RoomOS 10.15.5.3\nCisco Cisco RoomOS Software RoomOS 10.19.2.2\nCisco Cisco RoomOS Software RoomOS 11.1.3.1\nCisco Cisco RoomOS Software RoomOS 10.11.6.0\nCisco Cisco RoomOS Software RoomOS 10.19.3.0\nCisco Cisco RoomOS Software RoomOS 10.19.4.2\nCisco Cisco RoomOS Software RoomOS 10.3.2.4\nCisco Cisco RoomOS Software RoomOS 10.3.4.0\nCisco Cisco RoomOS Software RoomOS 10.15.3.0\nCisco Cisco RoomOS Software RoomOS 11.1.4.1\nCisco Cisco RoomOS Software RoomOS 11.14.2.3\nCisco Cisco RoomOS Software RoomOS 11.1.2.4\nCisco Cisco RoomOS Software RoomOS 10.8.3.1\nCisco Cisco RoomOS Software RoomOS 11.14.2.1\nCisco Cisco RoomOS Software RoomOS 10.3.3.0\nCisco Cisco RoomOS Software RoomOS 10.8.4.0\nCisco Cisco RoomOS Software RoomOS 10.15.4.1\nCisco Cisco RoomOS Software RoomOS 10.19.5.6\nCisco Cisco RoomOS Software RoomOS 10.11.4.1\nCisco Cisco RoomOS Software RoomOS 11.9.3.1\nCisco Cisco RoomOS Software RoomOS 11.5.3.3\nCisco Cisco RoomOS Software RoomOS 10.3.2.0\nCisco Cisco RoomOS Software RoomOS 11.9.2.4\nCisco Cisco RoomOS Software RoomOS 11.14.3.0\nCisco Cisco RoomOS Software RoomOS 11.17.2.2\nCisco Cisco RoomOS Software RoomOS 11.14.4.0\nCisco Cisco RoomOS Software RoomOS 10.19 StepUpg\nCisco Cisco RoomOS Software RoomOS 11.17.3.0\nCisco Cisco RoomOS Software RoomOS 11.20.2.3\nCisco Cisco RoomOS Software RoomOS 11.14.5.0\nCisco Cisco RoomOS Software RoomOS 11.17.4.0\nCisco Cisco RoomOS Software RoomOS 11.20.3.0\nCisco Cisco RoomOS Software RoomOS 11.23.1.6\nCisco Cisco RoomOS Software RoomOS 11.23.1.8\nCisco Cisco RoomOS Software RoomOS 11.24.1.5\nCisco Cisco RoomOS Software RoomOS 11.24.2.4\nCisco Cisco RoomOS Software RoomOS 11.24.3.0\nCisco Cisco RoomOS Software RoomOS 11.24.4.1\nCisco Cisco RoomOS Software RoomOS 11.27.2.0\nCisco Cisco RoomOS Software RoomOS 11.28.1.3\nCisco Cisco RoomOS Software RoomOS 11.27.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco RoomOS Software",
    "version": "RoomOS 10.11.2.2",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability_CVE-2025-20329

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply