CVE-2025-20336

CWE-200 — Information Exposure CWE-284 — Improper Access Control4 documents4 sources

Severity

7.5HIGH

EPSS

0.0%

top 93.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Desk Phone 9841 Firmware Cisco Desk Phone 9851 Firmware Cisco Desk Phone 9861 Firmware +15 more

Timeline

PublishedSep 3

Latest updateJan 5

Description

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages18 packages

▶NVDcisco/video_phone_8875_firmware3.0\(1\) — 3.3\(1\)+2

▶NVDcisco/desk_phone_9841_firmware3.0\(1\) — 3.3\(1\)

▶NVDcisco/desk_phone_9851_firmware3.0\(1\) — 3.3\(1\)

▶NVDcisco/desk_phone_9861_firmware3.0\(1\) — 3.3\(1\)

▶NVDcisco/desk_phone_9871_firmware3.0\(1\) — 3.3\(1\)

🔴Vulnerability Details

GHSA

GHSA-mrpf-c78h-6xpw: A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could al↗2026-01-05

▶

CVEList

Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability↗2025-09-03

▶

📋Vendor Advisories

Cisco

Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities↗2025-09-03

▶