CVE-2025-20329

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Collaboration Endpoint and Cisco RoomOS Software (affected versions not specified)

Description A flaw exists in the logging component that may allow a remote attacker with administrative access to view sensitive information in clear text. The issue stems from unencrypted credentials being stored when SIP media component logging is enabled. An attacker could access audit logs on an affected system and obtain credentials, potentially gaining access to confidential information, including personally identifiable information (PII). The attacker must have valid administrative credentials to access the logs stored in the Webex Cloud or on the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.