Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks

Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software.

The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications Manager with Web Access enabled. No workarounds are available, so updating to the fixed releases is essential.

Cisco released Advisory ID cisco-sa-phone-dos-FPyjLV7A on October 15, 2025, disclosing two distinct vulnerabilities.

One flaw allows an unauthenticated attacker to send specially crafted HTTP packets to trigger a buffer overflow, causing the device to reload and resulting in a DoS condition.

The other flaw enables an attacker to inject malicious scripts via unsanitized user input, leading to an XSS attack against the device’s web interface. Both weaknesses require Web Access to be active; this feature is disabled by default.

Customers must upgrade affected devices to the fixed SIP software versions listed in Cisco’s advisory, as there are no temporary workarounds.

Disabling Web Access will mitigate the risks, but it may also hinder device management functions. Administrators can toggle the Web Access setting through the Communications Manager or use the Bulk Administration Tool for large-scale changes.

Within the advisory, Cisco provides detailed information on the vulnerabilities, including bug IDs and software release guidance. The table below summarizes the two CVE identifiers and their key metrics:

| CVE ID | Vulnerability Type | CVSS Base Score | Security Impact |
|---|---|---|---|
| CVE-2025-20350 | Remote DoS (Buffer Overflow) | 7.5 | High |
| CVE-2025-20351 | Cross-Site Scripting (XSS) | 6.1 | Medium |

Cisco has confirmed that these vulnerabilities do not affect devices running its Multiplatform Firmware.

The fixed software releases are documented per model: Desk Phone 9800 Series is fixed starting with SIP Software 3.3(1), IP Phone 7800 and 8800 Series require 14.3(1)SR2 or later, and Video Phone 8875 is fixed in SIP Software 3.3(1) or later.

The impact could be significant for organizations that rely on these phones for daily communication.

A successful DoS attack could knock dozens of devices offline, disrupting voice services. An XSS attack could expose sensitive session data or allow attackers to run arbitrary script in the context of the device's web interface, compromising administrative sessions.

Given the ease of triggering these flaws remotely, delaying updates increases exposure and operational risk.

Administrators should immediately verify Web Access status on all registered phones. To check, use the phone’s Settings menu to find its IP address, then attempt to browse to that address.

If the device information page appears, Web Access is enabled. Following verification, schedule updates during a maintenance window to minimize disruption.
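The two checks above, running release against the fixed releases listed earlier and whether Web Access is enabled, can be combined into a triage over a phone inventory export. The script below is an added example, not Cisco tooling or code from the advisory; it assumes version strings in the advisory's own `major.minor(maint)SRn` notation and a constructed inventory whose field names (`model`, `version`, `firmware`, `web_access`) are assumptions.

```python
import re

# Fixed SIP software releases named in the advisory, keyed by model family.
FIXED_RELEASES = {
    "9800": "3.3(1)",       # Desk Phone 9800 Series
    "7800": "14.3(1)SR2",   # IP Phone 7800 Series
    "8800": "14.3(1)SR2",   # IP Phone 8800 Series
    "8875": "3.3(1)",       # Video Phone 8875
}

# Assumed notation: major.minor(maintenance) with an optional SRn suffix.
_VER_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(?:SR(\d+))?$")

def parse_version(ver: str) -> tuple:
    """Turn '14.3(1)SR2' into (14, 3, 1, 2); a missing SR suffix counts as SR0,
    so 14.3(1) correctly sorts below 14.3(1)SR2."""
    m = _VER_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised SIP version string: {ver!r}")
    major, minor, maint, sr = m.groups()
    return (int(major), int(minor), int(maint), int(sr or 0))

def is_fixed(model: str, version: str) -> bool:
    """True when the running release is at or above the fixed release."""
    return parse_version(version) >= parse_version(FIXED_RELEASES[model])

def needs_update(dev: dict) -> bool:
    """Enterprise (non-Multiplatform) SIP firmware below the fixed release."""
    if dev["firmware"] == "mpp" or dev["model"] not in FIXED_RELEASES:
        return False   # Multiplatform Firmware and unlisted models are out of scope
    return not is_fixed(dev["model"], dev["version"])

def is_exposed(dev: dict) -> bool:
    """Reachable right now: still needs the update AND Web Access is enabled."""
    return needs_update(dev) and dev["web_access"]

def triage(inventory: list) -> tuple:
    """Split into devices to patch immediately and devices to patch next window."""
    exposed = [d["name"] for d in inventory if is_exposed(d)]
    pending = [d["name"] for d in inventory if needs_update(d) and not is_exposed(d)]
    return exposed, pending

# Constructed sample inventory, not real data.
SAMPLE_INVENTORY = [
    {"name": "lobby-8845", "model": "8800", "version": "14.2(1)SR1", "firmware": "enterprise", "web_access": True},
    {"name": "hr-8851", "model": "8800", "version": "14.3(1)SR2", "firmware": "enterprise", "web_access": True},
    {"name": "ceo-9861", "model": "9800", "version": "3.2(1)", "firmware": "enterprise", "web_access": False},
    {"name": "boardroom-8875", "model": "8875", "version": "3.2(1)", "firmware": "enterprise", "web_access": True},
    {"name": "branch-7841", "model": "7800", "version": "12.0(1)", "firmware": "mpp", "web_access": True},
]

if __name__ == "__main__":
    exposed, pending = triage(SAMPLE_INVENTORY)
    print("patch now:", exposed)
    print("patch next window:", pending)
```

Devices in the pending list are not reachable while Web Access stays off, but the advisory still expects them to be upgraded since there is no supported workaround.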

For environments with many devices, the Bulk Administration Tool offers a streamlined update path.

By prioritizing these updates, organizations will safeguard their communication infrastructure against these critical vulnerabilities.

Continuous monitoring of Cisco’s security advisories and prompt application of patches remain the best defense against emerging threats.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.