Strix
26.1K

CVE-2025-20351

MEDIUMCVSS 6.1/10EPSS 0.26%

Last modified

CVE-2025-20351 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. EPSS estimates a 0.26% chance of exploitation in the next 30 days.

Description

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.

Metrics

CVSS 3.1
6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.26%

17.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
CiscoDesk Phone 9871 Firmware>= 3.0\(1\), <= 3.2\(1\)
CiscoDesk Phone 9841 Firmware>= 3.0\(1\), <= 3.2\(1\)
CiscoDesk Phone 9851 Firmware>= 3.0\(1\), <= 3.2\(1\)
CiscoDesk Phone 9861 Firmware>= 3.0\(1\), <= 3.2\(1\)
CiscoIp Phone 8865 Firmware< 14.3\(1\)
CiscoIp Phone 8865 Firmware14.3\(1\)
CiscoIp Phone 7811 Firmware< 14.3\(1\)
CiscoIp Phone 7811 Firmware14.3\(1\)
CiscoIp Phone 7821 Firmware< 14.3\(1\)
CiscoIp Phone 7821 Firmware14.3\(1\)
CiscoIp Phone 7841 Firmware< 14.3\(1\)
CiscoIp Phone 7841 Firmware14.3\(1\)
CiscoIp Phone 7861 Firmware< 14.3\(1\)
CiscoIp Phone 7861 Firmware14.3\(1\)
CiscoIp Phone 8811 Firmware< 14.3\(1\)
CiscoIp Phone 8811 Firmware14.3\(1\)
CiscoIp Phone 8832 Firmware< 14.3\(1\)
CiscoIp Phone 8832 Firmware14.3\(1\)
CiscoIp Phone 8841 Firmware< 14.3\(1\)
CiscoIp Phone 8841 Firmware14.3\(1\)
CiscoIp Phone 8845 Firmware< 14.3\(1\)
CiscoIp Phone 8845 Firmware14.3\(1\)
CiscoIp Phone 8851 Firmware< 14.3\(1\)
CiscoIp Phone 8851 Firmware14.3\(1\)
CiscoIp Phone 8861 Firmware< 14.3\(1\)
CiscoIp Phone 8861 Firmware14.3\(1\)
CiscoIp Phone 8821 Firmware< 11.0\(1\)
CiscoIp Phone 8821 Firmware11.0\(0.7\)Mpp
CiscoIp Phone 8821 Firmware11.0\(1\)
CiscoIp Phone 8821 Firmware11.0\(2\)
CiscoIp Phone 8821 Firmware11.0\(3\)
CiscoIp Phone 8821 Firmware11.0\(4\)
CiscoIp Phone 8821 Firmware11.0\(5\)
CiscoIp Phone 8821 Firmware11.0\(6\)
CiscoVideo Phone 8875 Firmware< 2.3\(1\)
CiscoVideo Phone 8875 Firmware>= 3.0\(1\), <= 3.2\(1\)
CiscoVideo Phone 8875 Firmware2.3\(1\)

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-20351?
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
How severe is CVE-2025-20351?
CVE-2025-20351 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.26% probability of exploitation in the next 30 days.
How do I fix CVE-2025-20351?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-20351?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST