Cisco Desk, IP, and Video Phone Vulnerabilities Expose Devices to Remote DoS and XSS Attacks

Cisco has disclosed multiple security vulnerabilities affecting its Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models running Cisco Session Initiation Protocol (SIP) Software. The flaws could allow an unauthenticated, remote attacker to trigger a denial-of-service (DoS) condition or carry out a cross-site scripting (XSS) attack through the devices’ web user interface.

The more serious of the two is a high-severity buffer overflow, tracked as CVE-2025-20350, with a CVSS 3.1 base score of 7.5. It is triggered when an affected phone processes specially crafted HTTP packets sent to its web interface; a successful attack causes the phone to reload, interrupting service until the device comes back up. The flaw is reachable over the network, needs neither authentication nor user interaction, and has low attack complexity, so its impact is limited to availability but is easy to bring about against any exposed phone.

The second issue, CVE-2025-20351, is a medium-severity XSS vulnerability with a CVSS score of 6.1. Because the web UI does not sufficiently validate user-supplied input, an attacker who persuades a user to click a crafted link can run arbitrary script in the context of the interface, which could expose browser-based data such as session information or alter what the user sees. Exploitation requires that user interaction, which is why the score is lower than for the DoS flaw.

Both vulnerabilities affect specific Cisco SIP Software releases across the phone series listed above; devices running Cisco Multiplatform Firmware are not affected. Exploitation requires that the Web Access feature be enabled and that the phone be registered to Cisco Unified Communications Manager (CUCM). Web Access is disabled by default, so a phone in its default configuration is not exposed. At the time of writing, Cisco is not aware of public exploit code or malicious use of either flaw.

Mitigation Strategies:

Cisco lists no workaround; the available mitigation is to disable Web Access on the affected phones, either per device in Cisco Unified CM Administration or in bulk through the Bulk Administration Tool. Administrators can confirm whether Web Access is enabled on a given phone by browsing to the phone’s IP address: if the phone’s web page loads, the feature is on. To fully address these vulnerabilities, Cisco has released fixed software versions:

– SIP Software 3.3(1) for Desk Phone 9800 and Video Phone 8875
– 14.3(1)SR2 for IP Phone 7800/8800
– 11.0(6)SR7 for IP Phone 8821

Administrators are strongly advised to upgrade to these releases promptly, since they contain the fixes for both CVEs; disabling Web Access in the meantime removes the attack surface without affecting call handling.
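The browser check described under Mitigation Strategies does not scale to a fleet of phones. The script below, an added example that is not part of the Cisco advisory or this article, automates the same test: it sends an HTTP GET to each phone address and reports the device as exposed if any HTTP response comes back (a 401 or 403 still means the web UI is listening, while a refused connection or timeout means Web Access is off). The local server it starts is a constructed stand-in for a phone's web page so the example runs offline; the host list, port and function names are assumptions for illustration.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request


def web_access_enabled(host, port=80, timeout=3.0):
    """Return True if an HTTP server answers on the phone's web UI port.

    Any HTTP response, including 401/403, means the web UI is reachable and
    Web Access has not been disabled; a refused connection or a timeout means
    nothing is listening, which is the expected state after the mitigation.
    """
    url = f"http://{host}:{port}/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status > 0
    except urllib.error.HTTPError:
        # The server replied with an error status: it is still listening.
        return True
    except (urllib.error.URLError, socket.timeout, OSError):
        # Connection refused, unreachable or timed out: web UI not exposed.
        return False


def audit(hosts, port=80, timeout=3.0):
    """Map each phone address to True (web UI reachable) or False."""
    return {host: web_access_enabled(host, port, timeout) for host in hosts}


class _FakePhonePage(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a phone's web UI, used only for the demo."""

    def do_GET(self):
        body = b"<html><body>Phone web UI (constructed sample)</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_fake_phone():
    """Start the stand-in web UI on an ephemeral localhost port."""
    server = http.server.HTTPServer(("127.0.0.1", 0), _FakePhonePage)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    # Demo: one "phone" with Web Access on, then the same address after it
    # has been turned off (the stand-in server is shut down).
    phone = start_fake_phone()
    port = phone.server_address[1]
    print("before mitigation:", audit(["127.0.0.1"], port))
    phone.shutdown()
    phone.server_close()
    print("after mitigation: ", audit(["127.0.0.1"], port))
```

In a real deployment, replace the stand-in with the phone IP addresses exported from CUCM and run the audit before and after disabling Web Access; any host still reporting True needs attention. Phones that only expose the UI over HTTPS with a self-signed certificate will show up as False with this plain-HTTP probe, so check port 443 with an unverified SSL context in that case.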