CVE-2025-20350

Q: What is the severity of CVE-2025-20350?

CVE-2025-20350 has a CVSS score of 7.5 (HIGH). A buffer overflow vulnerability in Cisco phone web interfaces allows unauthenticated remote attackers to cause denial of service by sending crafted HTTP packets. This affects Cisco Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 running Cisco SIP Software. Exploitation requires the phone to be registered to Cisco Unified Communications Manager with Web Access enabled.

7.5 HIGH

Denial of Service Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in Cisco phone web interfaces allows unauthenticated remote attackers to cause denial of service by sending crafted HTTP packets. This affects Cisco Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 running Cisco SIP Software. Exploitation requires the phone to be registered to Cisco Unified Communications Manager with Web Access enabled.

💻 Affected Systems

Products:

Cisco Desk Phone 9800 Series
Cisco IP Phone 7800 Series
Cisco IP Phone 8800 Series
Cisco Video Phone 8875

Versions: All versions running Cisco SIP Software with vulnerable web UI

Operating Systems: Cisco SIP Software

Default Config Vulnerable: ✅ No

Notes: Vulnerability requires: 1) Phone registered to Cisco Unified Communications Manager, 2) Web Access enabled (disabled by default)

📦 What is this software?

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Desk Phone 9841 Firmware by Cisco

Desk Phone 9851 Firmware by Cisco

Desk Phone 9861 Firmware by Cisco

Desk Phone 9871 Firmware by Cisco

Ip Phone 7811 Firmware by Cisco

Ip Phone 7811 Firmware by Cisco

Ip Phone 7811 Firmware by Cisco

Ip Phone 7821 Firmware by Cisco

Ip Phone 7821 Firmware by Cisco

Ip Phone 7821 Firmware by Cisco

Ip Phone 7841 Firmware by Cisco

Ip Phone 7841 Firmware by Cisco

Ip Phone 7841 Firmware by Cisco

Ip Phone 7861 Firmware by Cisco

Ip Phone 7861 Firmware by Cisco

Ip Phone 7861 Firmware by Cisco

Ip Phone 8811 Firmware by Cisco

Ip Phone 8811 Firmware by Cisco

Ip Phone 8811 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8821 Firmware by Cisco

Ip Phone 8832 Firmware by Cisco

Ip Phone 8832 Firmware by Cisco

Ip Phone 8832 Firmware by Cisco

Ip Phone 8841 Firmware by Cisco

Ip Phone 8841 Firmware by Cisco

Ip Phone 8841 Firmware by Cisco

Ip Phone 8845 Firmware by Cisco

Ip Phone 8845 Firmware by Cisco

Ip Phone 8845 Firmware by Cisco

Ip Phone 8851 Firmware by Cisco

Ip Phone 8851 Firmware by Cisco

Ip Phone 8851 Firmware by Cisco

Ip Phone 8861 Firmware by Cisco

Ip Phone 8861 Firmware by Cisco

Ip Phone 8861 Firmware by Cisco

Ip Phone 8865 Firmware by Cisco

Ip Phone 8865 Firmware by Cisco

Ip Phone 8865 Firmware by Cisco

Video Phone 8875 Firmware by Cisco

Video Phone 8875 Firmware by Cisco

Video Phone 8875 Firmware by Cisco

Video Phone 8875 Firmware by Cisco

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds