CVE-2025-20351

Name of the Vulnerable Software and Affected Versions Cisco Desk Phone 9800 Series Cisco IP Phone 7800 and 8800 Series Cisco Video Phone 8875

Description A flaw exists in the web UI of the affected devices running Cisco SIP Software that may allow a remote attacker to perform cross-site scripting (XSS) attacks against a user of the web UI. The issue is due to insufficient validation of user-supplied input by the web UI. An attacker could exploit this by convincing a user to click a crafted link, potentially allowing the execution of arbitrary script code or access to sensitive browser-based information. To exploit this, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.