CVE-2025-20350
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-15

Last updated on: 2025-12-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-15
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-10-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-20350
EUVD
EUVD-2025-34667
Affected Vendors & Products
Showing 85 associated CPEs
Vendor Product Version / Range
cisco desk_phone_9871_firmware From 3.0\(1\) (inc) to 3.2\(1\) (inc)
cisco desk_phone_9871 *
cisco desk_phone_9841_firmware From 3.0\(1\) (inc) to 3.2\(1\) (inc)
cisco desk_phone_9841 *
cisco desk_phone_9851_firmware From 3.0\(1\) (inc) to 3.2\(1\) (inc)
cisco desk_phone_9851 *
cisco desk_phone_9861_firmware From 3.0\(1\) (inc) to 3.2\(1\) (inc)
cisco desk_phone_9861 *
cisco ip_phone_8865_firmware to 14.3\(1\) (exc)
cisco ip_phone_8865_firmware 14.3\(1\)
cisco ip_phone_8865_firmware 14.3\(1\)
cisco ip_phone_8865 *
cisco ip_phone_7811_firmware to 14.3\(1\) (exc)
cisco ip_phone_7811_firmware 14.3\(1\)
cisco ip_phone_7811_firmware 14.3\(1\)
cisco ip_phone_7811 *
cisco ip_phone_7821_firmware to 14.3\(1\) (exc)
cisco ip_phone_7821_firmware 14.3\(1\)
cisco ip_phone_7821_firmware 14.3\(1\)
cisco ip_phone_7821 *
cisco ip_phone_7841_firmware to 14.3\(1\) (exc)
cisco ip_phone_7841_firmware 14.3\(1\)
cisco ip_phone_7841_firmware 14.3\(1\)
cisco ip_phone_7841 *
cisco ip_phone_7861_firmware to 14.3\(1\) (exc)
cisco ip_phone_7861_firmware 14.3\(1\)
cisco ip_phone_7861_firmware 14.3\(1\)
cisco ip_phone_7861 *
cisco ip_phone_8811_firmware to 14.3\(1\) (exc)
cisco ip_phone_8811_firmware 14.3\(1\)
cisco ip_phone_8811_firmware 14.3\(1\)
cisco ip_phone_8811 *
cisco ip_phone_8832_firmware to 14.3\(1\) (exc)
cisco ip_phone_8832_firmware 14.3\(1\)
cisco ip_phone_8832_firmware 14.3\(1\)
cisco ip_phone_8832 *
cisco ip_phone_8841_firmware to 14.3\(1\) (exc)
cisco ip_phone_8841_firmware 14.3\(1\)
cisco ip_phone_8841_firmware 14.3\(1\)
cisco ip_phone_8841 *
cisco ip_phone_8845_firmware to 14.3\(1\) (exc)
cisco ip_phone_8845_firmware 14.3\(1\)
cisco ip_phone_8845_firmware 14.3\(1\)
cisco ip_phone_8845 *
cisco ip_phone_8851_firmware to 14.3\(1\) (exc)
cisco ip_phone_8851_firmware 14.3\(1\)
cisco ip_phone_8851_firmware 14.3\(1\)
cisco ip_phone_8851 *
cisco ip_phone_8861_firmware to 14.3\(1\) (exc)
cisco ip_phone_8861_firmware 14.3\(1\)
cisco ip_phone_8861_firmware 14.3\(1\)
cisco ip_phone_8861 *
cisco video_phone_8875_firmware to 2.3\(1\) (exc)
cisco video_phone_8875_firmware From 3.0\(1\) (inc) to 3.2\(1\) (inc)
cisco video_phone_8875_firmware 2.3\(1\)
cisco video_phone_8875_firmware 2.3\(1\)
cisco video_phone_8875 *
cisco ip_phone_8821_firmware to 11.0\(1\) (exc)
cisco ip_phone_8821_firmware 11.0\(0.7\)
cisco ip_phone_8821_firmware 11.0\(1\)
cisco ip_phone_8821_firmware 11.0\(2\)
cisco ip_phone_8821_firmware 11.0\(2\)
cisco ip_phone_8821_firmware 11.0\(2\)
cisco ip_phone_8821_firmware 11.0\(3\)
cisco ip_phone_8821_firmware 11.0\(3\)
cisco ip_phone_8821_firmware 11.0\(3\)
cisco ip_phone_8821_firmware 11.0\(3\)
cisco ip_phone_8821_firmware 11.0\(3\)
cisco ip_phone_8821_firmware 11.0\(3\)
cisco ip_phone_8821_firmware 11.0\(3\)
cisco ip_phone_8821_firmware 11.0\(4\)
cisco ip_phone_8821_firmware 11.0\(4\)
cisco ip_phone_8821_firmware 11.0\(4\)
cisco ip_phone_8821_firmware 11.0\(4\)
cisco ip_phone_8821_firmware 11.0\(5\)
cisco ip_phone_8821_firmware 11.0\(5\)
cisco ip_phone_8821_firmware 11.0\(5\)
cisco ip_phone_8821_firmware 11.0\(5\)
cisco ip_phone_8821_firmware 11.0\(6\)
cisco ip_phone_8821_firmware 11.0\(6\)
cisco ip_phone_8821_firmware 11.0\(6\)
cisco ip_phone_8821_firmware 11.0\(6\)
cisco ip_phone_8821_firmware 11.0\(6\)
cisco ip_phone_8821_firmware 11.0\(6\)
cisco ip_phone_8821 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a buffer overflow in the web UI of certain Cisco Desk Phones and Video Phones running Cisco SIP Software. It occurs when the device processes specially crafted HTTP packets, which can cause the device to reload unexpectedly, leading to a denial of service (DoS) condition. Exploitation requires the phone to be registered to Cisco Unified Communications Manager and have Web Access enabled, which is disabled by default.

Impact Analysis

An attacker could exploit this vulnerability remotely without authentication to cause the affected device to reload, resulting in a denial of service (DoS) condition. This could disrupt phone communications and availability.

Mitigation Strategies

To mitigate this vulnerability, ensure that Web Access is disabled on affected Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 devices, as Web Access is disabled by default. Additionally, ensure phones are not unnecessarily registered to Cisco Unified Communications Manager with Web Access enabled. Monitor for firmware updates or patches from Cisco to address this vulnerability and apply them promptly once available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-20350. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart