Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.

This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.
Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.

Basic Information

ID CVE-2025-20335

Source cisco

Published Sep 3, 2025 at 17:41

Modified Sep 3, 2025 at 17:56

Affected Product

Vendor Cisco

Product Cisco Session Initiation Protocol (SIP) Software

Version 12.1(1)SR1

Affected Versions Cisco Cisco Session Initiation Protocol (SIP) Software 12.1(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 11.5(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(2)
Cisco Cisco Session Initiation Protocol (SIP) Software 10.2(2)
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR4
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 10.4(1)SR2 3rd Party
Cisco Cisco Session Initiation Protocol (SIP) Software 11.7(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 12.1(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(0.7) MPP
Cisco Cisco Session Initiation Protocol (SIP) Software 9.3(4) 3rd Party
Cisco Cisco Session Initiation Protocol (SIP) Software 12.5(1)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 10.2(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR3 3rd Party
Cisco Cisco Session Initiation Protocol (SIP) Software 10.2(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 12.5(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 11-0-1MSR1-1
Cisco Cisco Session Initiation Protocol (SIP) Software 10.4(1) 3rd Party
Cisco Cisco Session Initiation Protocol (SIP) Software 12.5(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 11.5(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 10.1(1)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 12.0(1)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 12.6(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1.11) 3rd Party
Cisco Cisco Session Initiation Protocol (SIP) Software 12.0(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 12.0(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 9.3(3)
Cisco Cisco Session Initiation Protocol (SIP) Software 12.5(1)SR3
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR4b
Cisco Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR1 3rd Party
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR5
Cisco Cisco Session Initiation Protocol (SIP) Software 10.1(1.9)
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1.9) 3rd Party
Cisco Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR2 3rd Party
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR3
Cisco Cisco Session Initiation Protocol (SIP) Software 10.1(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 12.0(1)SR3
Cisco Cisco Session Initiation Protocol (SIP) Software 12.6(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 12.7(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR6
Cisco Cisco Session Initiation Protocol (SIP) Software 12.8(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 12.7(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(2)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(4)
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(2)
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(4)SR3
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(5)
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR4
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR3
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(2)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(4)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(5)SR3
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(5)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR6
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(5)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(4)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR5
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)
Cisco Cisco Session Initiation Protocol (SIP) Software 12.8(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 12.8(1)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 14.0(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 14.0(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR7
Cisco Cisco Session Initiation Protocol (SIP) Software 14.0(1)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 14.1(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 14.0(1)SR3
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 14.1(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 14.1(1)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR4
Cisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR5
Cisco Cisco Session Initiation Protocol (SIP) Software 14.1(1)SR3
Cisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)SR2
Cisco Cisco Session Initiation Protocol (SIP) Software 3.1(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 3.0(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 2.3(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 2.3(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 2.2(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 2.1(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 2.0(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)SR3
Cisco Cisco Session Initiation Protocol (SIP) Software 3.1(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 14.3(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 3.2(1)
Cisco Cisco Session Initiation Protocol (SIP) Software 14.3(1)SR1
Cisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)SR4
Cisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR6

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df

{
    "lastseen": "",
    "description": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.\r\n\r\nThis vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.",
    "published": "2025-09-03T17:41:06.201Z",
    "modified": "2025-09-03T17:56:55.586Z",
    "type": "cve",
    "title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df",
    "id": "CVE-2025-20335",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Session Initiation Protocol (SIP) Software 12.1(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 11.5(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(2)\nCisco Cisco Session Initiation Protocol (SIP) Software 10.2(2)\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR4\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 10.4(1)SR2 3rd Party\nCisco Cisco Session Initiation Protocol (SIP) Software 11.7(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 12.1(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(0.7) MPP\nCisco Cisco Session Initiation Protocol (SIP) Software 9.3(4) 3rd Party\nCisco Cisco Session Initiation Protocol (SIP) Software 12.5(1)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 10.2(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR3 3rd Party\nCisco Cisco Session Initiation Protocol (SIP) Software 10.2(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 12.5(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 11-0-1MSR1-1\nCisco Cisco Session Initiation Protocol (SIP) Software 10.4(1) 3rd Party\nCisco Cisco Session Initiation Protocol (SIP) Software 12.5(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 11.5(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 10.1(1)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 12.0(1)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 12.6(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1.11) 3rd Party\nCisco Cisco Session Initiation Protocol (SIP) Software 12.0(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 12.0(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 9.3(3)\nCisco Cisco Session Initiation Protocol (SIP) Software 12.5(1)SR3\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR4b\nCisco Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR1 3rd Party\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR5\nCisco Cisco Session Initiation Protocol (SIP) Software 10.1(1.9)\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1.9) 3rd Party\nCisco Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR2 3rd Party\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR3\nCisco Cisco Session Initiation Protocol (SIP) Software 10.1(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 12.0(1)SR3\nCisco Cisco Session Initiation Protocol (SIP) Software 12.6(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 12.7(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR6\nCisco Cisco Session Initiation Protocol (SIP) Software 12.8(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 12.7(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(2)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(4)\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(2)\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(4)SR3\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(5)\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR4\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR3\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(2)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(4)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(5)SR3\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(5)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR6\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(5)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(4)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(3)SR5\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)\nCisco Cisco Session Initiation Protocol (SIP) Software 12.8(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 12.8(1)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 14.0(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 14.0(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 10.3(1)SR7\nCisco Cisco Session Initiation Protocol (SIP) Software 14.0(1)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 14.1(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 14.0(1)SR3\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 14.1(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 14.1(1)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR4\nCisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR5\nCisco Cisco Session Initiation Protocol (SIP) Software 14.1(1)SR3\nCisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)SR2\nCisco Cisco Session Initiation Protocol (SIP) Software 3.1(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 3.0(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 2.3(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 2.3(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 2.2(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 2.1(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 2.0(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)SR3\nCisco Cisco Session Initiation Protocol (SIP) Software 3.1(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 14.3(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 3.2(1)\nCisco Cisco Session Initiation Protocol (SIP) Software 14.3(1)SR1\nCisco Cisco Session Initiation Protocol (SIP) Software 14.2(1)SR4\nCisco Cisco Session Initiation Protocol (SIP) Software 11.0(6)SR6",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Session Initiation Protocol (SIP) Software",
    "version": "12.1(1)SR1",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability_CVE-2025-20335

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply