CVE-2025-20350
Last modified
CVE-2025-20350 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Cisco | Desk Phone 9871 Firmware | >= 3.0\(1\), <= 3.2\(1\) | — |
| Cisco | Desk Phone 9841 Firmware | >= 3.0\(1\), <= 3.2\(1\) | — |
| Cisco | Desk Phone 9851 Firmware | >= 3.0\(1\), <= 3.2\(1\) | — |
| Cisco | Desk Phone 9861 Firmware | >= 3.0\(1\), <= 3.2\(1\) | — |
| Cisco | Ip Phone 8865 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 8865 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 7811 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 7811 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 7821 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 7821 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 7841 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 7841 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 7861 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 7861 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 8811 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 8811 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 8832 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 8832 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 8841 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 8841 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 8845 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 8845 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 8851 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 8851 Firmware | 14.3\(1\) | — |
| Cisco | Ip Phone 8861 Firmware | < 14.3\(1\) | — |
| Cisco | Ip Phone 8861 Firmware | 14.3\(1\) | — |
| Cisco | Video Phone 8875 Firmware | < 2.3\(1\) | — |
| Cisco | Video Phone 8875 Firmware | >= 3.0\(1\), <= 3.2\(1\) | — |
| Cisco | Video Phone 8875 Firmware | 2.3\(1\) | — |
| Cisco | Ip Phone 8821 Firmware | < 11.0\(1\) | — |
| Cisco | Ip Phone 8821 Firmware | 11.0\(0.7\) | Mpp |
| Cisco | Ip Phone 8821 Firmware | 11.0\(1\) | — |
| Cisco | Ip Phone 8821 Firmware | 11.0\(2\) | — |
| Cisco | Ip Phone 8821 Firmware | 11.0\(3\) | — |
| Cisco | Ip Phone 8821 Firmware | 11.0\(4\) | — |
| Cisco | Ip Phone 8821 Firmware | 11.0\(5\) | — |
| Cisco | Ip Phone 8821 Firmware | 11.0\(6\) | — |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-20350?
How severe is CVE-2025-20350?
How do I fix CVE-2025-20350?
Are you affected by CVE-2025-20350?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST