Cisco has released a new security advisory highlighting several vulnerabilities affecting its Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models that operate on Cisco Session Initiation Protocol (SIP) Software.
Published on October 15, 2025, the advisory outlines security issues that could allow remote, unauthenticated attackers to launch denial-of-service (DoS) or cross-site scripting (XSS) attacks through the devices’ web user interface.
These vulnerabilities impact devices registered to Cisco Unified Communications Manager (CUCM) when Web Access is enabled—a feature that remains off by default to reduce exposure.
High-Severity DoS Vulnerability Threatens Device Stability
The most critical flaw, identified as CVE-2025-20350, is a buffer overflow vulnerability rated high with a CVSS v3.1 score of 7.5. It occurs when the affected devices handle specially crafted HTTP packets, potentially causing reboots and service interruptions.
An attacker can exploit the flaw remotely without credentials, and no advanced technical skill is required; the result is a temporary disruption of communication services. Cisco tracks the issue under bug ID CSCwn51601, underscoring its potential impact on enterprise voice infrastructure.
Another issue, tracked as CVE-2025-20351, is a medium-severity XSS vulnerability rated 6.1 on the CVSS scale.
The flaw stems from insufficient input validation in the web interface, which allows an attacker to inject malicious script through a deceptive link that a user must be persuaded to follow. Successful exploitation could expose session information or alter the web UI. Cisco tracks this vulnerability under bug ID CSCwn51683, another instance of weak web input handling.
The advisory confirms that these issues affect specific Cisco SIP Software versions on the phone series named above; phones running Multiplatform Firmware are not affected. Exploitation requires both that Web Access is enabled and that the phone is registered to CUCM, conditions that are not typically enabled by default. Although no active exploitation has been reported, organizations with these features turned on face increased exposure within their unified communications systems.
Mitigation and Updates
Cisco advises disabling Web Access, either through the CUCM administration panel or via the Bulk Administration Tool, as a preventive step. Administrators can check whether Web Access is enabled on a phone by entering its IP address in a browser.
The vulnerabilities are addressed in the following fixed software versions: SIP Software 3.3(1) for Desk Phone 9800 and Video Phone 8875, version 14.3(1)SR2 for IP Phone 7800/8800, and version 11.0(6)SR7 for IP Phone 8821.
Administrators are urged to upgrade immediately to prevent service disruptions. These patches resolve the issues completely while maintaining the core functionality of the devices.
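As an added illustration, not Cisco's tooling or code from the advisory, the following Python triages a constructed phone inventory against the fixed versions and the two exposure conditions listed above; the inventory field names, the family keys and the version-string shape are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Fixed SIP Software versions named in the advisory; keying on these family
# strings (8821 separate from 8800) is an assumption of this example.
FIXED_VERSIONS = {
    "9800": "3.3(1)", "8875": "3.3(1)",
    "7800": "14.3(1)SR2", "8800": "14.3(1)SR2",
    "8821": "11.0(6)SR7",
}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(?:SR(\d+))?$")

def parse_version(text: str) -> tuple:
    """Parse the assumed shape major.minor(maintenance)[SRn]: '14.3(1)SR2' -> (14, 3, 1, 2)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, maint, sr = m.groups()
    return (int(major), int(minor), int(maint), int(sr or 0))

@dataclass
class Phone:
    name: str
    family: str            # constructed inventory field, e.g. "8800"
    version: str           # SIP Software version string
    multiplatform: bool    # MPP firmware is out of scope per the advisory
    cucm_registered: bool  # advisory condition 1
    web_access: bool       # advisory condition 2 (off by default)

def triage(phone: Phone) -> str:
    """Classify one phone against the advisory's affected conditions."""
    if phone.multiplatform:
        return "not-affected"
    fixed = FIXED_VERSIONS.get(phone.family)
    if fixed is None:
        return "unknown-family"
    if parse_version(phone.version) >= parse_version(fixed):
        return "patched"
    # Unpatched: actively exposed only when both advisory conditions hold.
    if phone.cucm_registered and phone.web_access:
        return "exposed"
    return "vulnerable-unexposed"  # upgrade anyway; exposure conditions not met today

# Constructed sample inventory (not from the advisory).
SAMPLE = [
    Phone("lobby-8800-01", "8800", "14.2(1)SR1", False, True, True),
    Phone("desk-9800-01", "9800", "3.3(1)", False, True, True),
    Phone("hall-8821-01", "8821", "11.0(5)SR9", False, True, False),
]
```

Phones that come back "exposed" are the ones where disabling Web Access in CUCM buys time until the upgrade is scheduled.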