CVE-2025-20335

CWE-284 — Improper Access Control CWE-200 — Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 86.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Desk Phone 9841 Firmware Cisco Desk Phone 9851 Firmware Cisco Desk Phone 9861 Firmware +15 more

Timeline

PublishedSep 3

Latest updateJan 5

Description

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific di…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages18 packages

▶NVDcisco/video_phone_8875_firmware3.0\(1\) — 3.3\(1\)+2

▶NVDcisco/desk_phone_9841_firmware3.0\(1\) — 3.3\(1\)

▶NVDcisco/desk_phone_9851_firmware3.0\(1\) — 3.3\(1\)

▶NVDcisco/desk_phone_9861_firmware3.0\(1\) — 3.3\(1\)

▶NVDcisco/desk_phone_9871_firmware3.0\(1\) — 3.3\(1\)

🔴Vulnerability Details

GHSA

GHSA-8v48-phm3-pw95: A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could al↗2026-01-05

▶

CVEList

Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability↗2025-09-03

▶

📋Vendor Advisories

Cisco

Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities↗2025-09-03

▶