CVE-2025-20335

Published: Sep 3, 2025Modified: Jan 5, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.

Affected (48)

Products: Cisco: Desk Phone 9841 Firmware, Desk Phone 9851 Firmware, Desk Phone 9861 Firmware, Desk Phone 9871 Firmware, Ip Phone 7811 Firmware, Ip Phone 7821 Firmware, Ip Phone 7841 Firmware, Ip Phone 7861 Firmware, Ip Phone 8811 Firmware, Ip Phone 8841 Firmware, Ip Phone 8845 Firmware, Ip Phone 8851 Firmware, Ip Phone 8851nr Firmware, Ip Phone 8861 Firmware, Ip Phone 8865 Firmware, Video Phone 8875 Firmware, Ip Phone 8821 Firmware

Cisco

17 products

Desk Phone 9841 Firmware

Desk Phone 9851 Firmware

Desk Phone 9861 Firmware

Desk Phone 9871 Firmware

Ip Phone 7811 Firmware

Ip Phone 7821 Firmware

Ip Phone 7841 Firmware

Ip Phone 7861 Firmware

Ip Phone 8811 Firmware

Ip Phone 8841 Firmware

Ip Phone 8845 Firmware

Ip Phone 8851 Firmware

Ip Phone 8851nr Firmware

Ip Phone 8861 Firmware

Ip Phone 8865 Firmware

Video Phone 8875 Firmware

Ip Phone 8821 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Desk Phone 9841 Firmware	From 3.0\(1\) to 3.3\(1\)

Running on/with	Platform Versions
Cisco Desk Phone 9841	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Desk Phone 9851 Firmware	From 3.0\(1\) to 3.3\(1\)

Running on/with	Platform Versions
Cisco Desk Phone 9851	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Desk Phone 9861 Firmware	From 3.0\(1\) to 3.3\(1\)

Running on/with	Platform Versions
Cisco Desk Phone 9861	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Desk Phone 9871 Firmware	From 3.0\(1\) to 3.3\(1\)

Running on/with	Platform Versions
Cisco Desk Phone 9871	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7811 Firmware	Before 14.3\(1\)
Cisco Ip Phone 7811 Firmware	Version 14.3(1)
Cisco Ip Phone 7811 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 7811	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7821 Firmware	Before 14.3\(1\)
Cisco Ip Phone 7821 Firmware	Version 14.3(1)
Cisco Ip Phone 7821 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 7821	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7841 Firmware	Before 14.3\(1\)
Cisco Ip Phone 7841 Firmware	Version 14.3(1)
Cisco Ip Phone 7841 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 7841	All versions

Configuration H

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7861 Firmware	Before 14.3\(1\)
Cisco Ip Phone 7861 Firmware	Version 14.3(1)
Cisco Ip Phone 7861 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 7861	All versions

Configuration I

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8811 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8811 Firmware	Version 14.3(1)
Cisco Ip Phone 8811 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8811	All versions

Configuration J

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8841 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8841 Firmware	Version 14.3(1)
Cisco Ip Phone 8841 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8841	All versions

Configuration K

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8845 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8845 Firmware	Version 14.3(1)
Cisco Ip Phone 8845 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8845	All versions

Configuration L

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8851 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8851 Firmware	Version 14.3(1)
Cisco Ip Phone 8851 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8851	All versions

Configuration M

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8851nr Firmware	Before 14.3\(1\)
Cisco Ip Phone 8851nr Firmware	Version 14.3(1)
Cisco Ip Phone 8851nr Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8851nr	All versions

Configuration N

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8861 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8861 Firmware	Version 14.3(1)
Cisco Ip Phone 8861 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8861	All versions

Configuration O

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8865 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8865 Firmware	Version 14.3(1)
Cisco Ip Phone 8865 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8865	All versions

Configuration P

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Video Phone 8875 Firmware	Before 2.3\(1\)
Cisco Video Phone 8875 Firmware	From 3.0\(1\) to 3.3\(1\)
Cisco Video Phone 8875 Firmware	Version 2.3(1)
Cisco Video Phone 8875 Firmware	Version 2.3(1) sr1

Running on/with	Platform Versions
Cisco Video Phone 8875	All versions

Configuration Q

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8821 Firmware	Before 11.0\(6\)
Cisco Ip Phone 8821 Firmware	Version 11.0(6)
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr1
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr2
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr4
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr5
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr6

Running on/with	Platform Versions
Cisco Ip Phone 8821	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.