CVE-2025-20350

Published: Oct 15, 2025Modified: Dec 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.

Affected (68)

Products: Cisco: Desk Phone 9871 Firmware, Desk Phone 9841 Firmware, Desk Phone 9851 Firmware, Desk Phone 9861 Firmware, Ip Phone 8865 Firmware, Ip Phone 7811 Firmware, Ip Phone 7821 Firmware, Ip Phone 7841 Firmware, Ip Phone 7861 Firmware, Ip Phone 8811 Firmware, Ip Phone 8832 Firmware, Ip Phone 8841 Firmware, Ip Phone 8845 Firmware, Ip Phone 8851 Firmware, Ip Phone 8861 Firmware, Video Phone 8875 Firmware, Ip Phone 8821 Firmware

Cisco

17 products

Desk Phone 9871 Firmware

Desk Phone 9841 Firmware

Desk Phone 9851 Firmware

Desk Phone 9861 Firmware

Ip Phone 8865 Firmware

Ip Phone 7811 Firmware

Ip Phone 7821 Firmware

Ip Phone 7841 Firmware

Ip Phone 7861 Firmware

Ip Phone 8811 Firmware

Ip Phone 8832 Firmware

Ip Phone 8841 Firmware

Ip Phone 8845 Firmware

Ip Phone 8851 Firmware

Ip Phone 8861 Firmware

Video Phone 8875 Firmware

Ip Phone 8821 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Desk Phone 9871 Firmware	From 3.0\(1\) to 3.2\(1\)

Running on/with	Platform Versions
Cisco Desk Phone 9871	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Desk Phone 9841 Firmware	From 3.0\(1\) to 3.2\(1\)

Running on/with	Platform Versions
Cisco Desk Phone 9841	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Desk Phone 9851 Firmware	From 3.0\(1\) to 3.2\(1\)

Running on/with	Platform Versions
Cisco Desk Phone 9851	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Desk Phone 9861 Firmware	From 3.0\(1\) to 3.2\(1\)

Running on/with	Platform Versions
Cisco Desk Phone 9861	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8865 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8865 Firmware	Version 14.3(1)
Cisco Ip Phone 8865 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8865	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7811 Firmware	Before 14.3\(1\)
Cisco Ip Phone 7811 Firmware	Version 14.3(1)
Cisco Ip Phone 7811 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 7811	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7821 Firmware	Before 14.3\(1\)
Cisco Ip Phone 7821 Firmware	Version 14.3(1)
Cisco Ip Phone 7821 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 7821	All versions

Configuration H

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7841 Firmware	Before 14.3\(1\)
Cisco Ip Phone 7841 Firmware	Version 14.3(1)
Cisco Ip Phone 7841 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 7841	All versions

Configuration I

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7861 Firmware	Before 14.3\(1\)
Cisco Ip Phone 7861 Firmware	Version 14.3(1)
Cisco Ip Phone 7861 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 7861	All versions

Configuration J

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8811 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8811 Firmware	Version 14.3(1)
Cisco Ip Phone 8811 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8811	All versions

Configuration K

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8832 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8832 Firmware	Version 14.3(1)
Cisco Ip Phone 8832 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8832	All versions

Configuration L

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8841 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8841 Firmware	Version 14.3(1)
Cisco Ip Phone 8841 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8841	All versions

Configuration M

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8845 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8845 Firmware	Version 14.3(1)
Cisco Ip Phone 8845 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8845	All versions

Configuration N

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8851 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8851 Firmware	Version 14.3(1)
Cisco Ip Phone 8851 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8851	All versions

Configuration O

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8861 Firmware	Before 14.3\(1\)
Cisco Ip Phone 8861 Firmware	Version 14.3(1)
Cisco Ip Phone 8861 Firmware	Version 14.3(1) sr1

Running on/with	Platform Versions
Cisco Ip Phone 8861	All versions

Configuration P

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Video Phone 8875 Firmware	Before 2.3\(1\)
Cisco Video Phone 8875 Firmware	From 3.0\(1\) to 3.2\(1\)
Cisco Video Phone 8875 Firmware	Version 2.3(1)
Cisco Video Phone 8875 Firmware	Version 2.3(1) sr1

Running on/with	Platform Versions
Cisco Video Phone 8875	All versions

Configuration Q

27 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8821 Firmware	Before 11.0\(1\)
Cisco Ip Phone 8821 Firmware	Version 11.0(0.7) mpp
Cisco Ip Phone 8821 Firmware	Version 11.0(1)
Cisco Ip Phone 8821 Firmware	Version 11.0(2)
Cisco Ip Phone 8821 Firmware	Version 11.0(2) sr1
Cisco Ip Phone 8821 Firmware	Version 11.0(2) sr2
Cisco Ip Phone 8821 Firmware	Version 11.0(3)
Cisco Ip Phone 8821 Firmware	Version 11.0(3) sr1
Cisco Ip Phone 8821 Firmware	Version 11.0(3) sr2
Cisco Ip Phone 8821 Firmware	Version 11.0(3) sr3
Cisco Ip Phone 8821 Firmware	Version 11.0(3) sr4
Cisco Ip Phone 8821 Firmware	Version 11.0(3) sr5
Cisco Ip Phone 8821 Firmware	Version 11.0(3) sr6
Cisco Ip Phone 8821 Firmware	Version 11.0(4)
Cisco Ip Phone 8821 Firmware	Version 11.0(4) sr1
Cisco Ip Phone 8821 Firmware	Version 11.0(4) sr2
Cisco Ip Phone 8821 Firmware	Version 11.0(4) sr3
Cisco Ip Phone 8821 Firmware	Version 11.0(5)
Cisco Ip Phone 8821 Firmware	Version 11.0(5) sr1
Cisco Ip Phone 8821 Firmware	Version 11.0(5) sr2
Cisco Ip Phone 8821 Firmware	Version 11.0(5) sr3
Cisco Ip Phone 8821 Firmware	Version 11.0(6)
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr1
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr2
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr4
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr5
Cisco Ip Phone 8821 Firmware	Version 11.0(6) sr6

Running on/with	Platform Versions
Cisco Ip Phone 8821	All versions

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.