PT-2025-42379 · Cisco · Cisco Desk Phone 9800 Series+3
Published: 2025-10-15 · Updated: 2025-12-04
CVE-2025-20350
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Desk Phone 9800 Series
Cisco IP Phone 7800 Series
Cisco IP Phone 8800 Series
Cisco Video Phone 8875
Description
A flaw exists in the web UI of the listed Cisco phone series running Cisco SIP Software that could allow a remote, unauthenticated attacker to cause a Denial of Service (DoS) condition. This is due to a buffer overflow when the device processes HTTP packets. An attacker could exploit this by sending crafted HTTP input to the device, potentially causing it to reload and become unavailable. To exploit this, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled.
Recommendations
Disable Web Access on Cisco Desk Phone 9800 Series devices.
Disable Web Access on Cisco IP Phone 7800 Series devices.
Disable Web Access on Cisco IP Phone 8800 Series devices.
Disable Web Access on Cisco Video Phone 8875 devices.
Fix
DoS
Stack Overflow
Buffer Overflow
Related Identifiers
Affected Products
Cisco Desk Phone 9800 Series
Cisco IP Phone 7800 Series
Cisco IP Phone 8800 Series
Cisco Video Phone 8875