Severity: 6.1 MEDIUM
EPSS: 0.0% (top 90.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 15

Description

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (18 packages)

NVD | cisco/video_phone_8875_firmware | 3.0(1) | 3.2(1) | +2
NVD | cisco/desk_phone_9841_firmware | 3.0(1) | 3.2(1)
NVD | cisco/desk_phone_9851_firmware | 3.0(1) | 3.2(1)
NVD | cisco/desk_phone_9861_firmware | 3.0(1) | 3.2(1)
NVD | cisco/desk_phone_9871_firmware | 3.0(1) | 3.2(1)

Vulnerability Details (2)

CVEList: Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability (2025-10-15)
GHSA: GHSA-q352-cxfj-h569: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Softw (2025-10-15)

Vendor Advisories (1)

Cisco: Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities (2025-10-15)