Sensitive Information Disclosure in Cisco TelePresence Collaboration Endpoint and RoomOS Software
CVE-2025-20329

4.9 MEDIUM

Key Information:

Vendor: Cisco

CVE Published: 15 October 2025

Badges

👾 Exploit Exists

What is CVE-2025-20329?

A significant information disclosure vulnerability exists in the logging component of Cisco TelePresence Collaboration Endpoint and Cisco RoomOS Software. This flaw permits authenticated remote attackers to access sensitive information stored in clear text. If SIP media component logging is enabled, certain credentials may be recorded unencrypted in the audit logs, potentially allowing unauthorized users to retrieve this data. Attackers must possess valid administrative credentials to exploit the vulnerability; however, successful exploitation can lead to exposure of confidential information, which may include personally identifiable information (PII). Proper security measures should be implemented to safeguard sensitive data.

Affected Version(s)

Cisco RoomOS Software RoomOS 10.11.2.2

Cisco RoomOS Software RoomOS 10.15.2.2

Cisco RoomOS Software RoomOS 11.5.4.6

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
