A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.

This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Cisco Subscribe
Desk Phone 9841 Subscribe
Desk Phone 9841 Firmware Subscribe
Desk Phone 9851 Subscribe
Desk Phone 9851 Firmware Subscribe
Desk Phone 9861 Subscribe
Desk Phone 9861 Firmware Subscribe
Desk Phone 9871 Subscribe
Desk Phone 9871 Firmware Subscribe
Ip Phone 7800 Subscribe
Ip Phone 7811 Subscribe
Ip Phone 7811 Firmware Subscribe
Ip Phone 7821 Subscribe
Ip Phone 7821 Firmware Subscribe
Ip Phone 7841 Subscribe
Ip Phone 7841 Firmware Subscribe
Ip Phone 7861 Subscribe
Ip Phone 7861 Firmware Subscribe
Ip Phone 8800 Subscribe
Ip Phone 8800 Series Subscribe
Ip Phone 8811 Subscribe
Ip Phone 8811 Firmware Subscribe
Ip Phone 8821 Subscribe
Ip Phone 8821 Firmware Subscribe
Ip Phone 8832 Subscribe
Ip Phone 8832 Firmware Subscribe
Ip Phone 8841 Subscribe
Ip Phone 8841 Firmware Subscribe
Ip Phone 8845 Subscribe
Ip Phone 8845 Firmware Subscribe
Ip Phone 8851 Subscribe
Ip Phone 8851 Firmware Subscribe
Ip Phone 8861 Subscribe
Ip Phone 8861 Firmware Subscribe
Ip Phone 8865 Subscribe
Ip Phone 8865 Firmware Subscribe
Session Initiation Protocol (sip) Firmware Subscribe
Video Phone 8875 Subscribe
Video Phone 8875 Firmware Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:cisco:desk_phone_9871_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:cisco:desk_phone_9841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:cisco:desk_phone_9851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:cisco:desk_phone_9861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8832_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8832_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(0.7\):mpp:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(2\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(2\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(2\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr3:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr4:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr5:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr6:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(4\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(4\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(4\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(4\):sr3:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\):sr3:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr4:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr5:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr6:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
OR cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Cisco Subscribe
Ip Phone 7800 Subscribe
Ip Phone 8800 Subscribe
Ip Phone 8800 Series Subscribe
Session Initiation Protocol (sip) Firmware Subscribe
Video Phone 8875 Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A cve-icon cve-icon
History

Thu, 04 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco desk Phone 9841
Cisco desk Phone 9841 Firmware
Cisco desk Phone 9851
Cisco desk Phone 9851 Firmware
Cisco desk Phone 9861
Cisco desk Phone 9861 Firmware
Cisco desk Phone 9871
Cisco desk Phone 9871 Firmware
Cisco ip Phone 7811
Cisco ip Phone 7811 Firmware
Cisco ip Phone 7821
Cisco ip Phone 7821 Firmware
Cisco ip Phone 7841
Cisco ip Phone 7841 Firmware
Cisco ip Phone 7861
Cisco ip Phone 7861 Firmware
Cisco ip Phone 8811
Cisco ip Phone 8811 Firmware
Cisco ip Phone 8821
Cisco ip Phone 8821 Firmware
Cisco ip Phone 8832
Cisco ip Phone 8832 Firmware
Cisco ip Phone 8841
Cisco ip Phone 8841 Firmware
Cisco ip Phone 8845
Cisco ip Phone 8845 Firmware
Cisco ip Phone 8851
Cisco ip Phone 8851 Firmware
Cisco ip Phone 8861
Cisco ip Phone 8861 Firmware
Cisco ip Phone 8865
Cisco ip Phone 8865 Firmware
Cisco video Phone 8875 Firmware
CPEs cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:desk_phone_9841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:desk_phone_9851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:desk_phone_9861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:desk_phone_9871_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(0.7\):mpp:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(2\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(2\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(2\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr3:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr4:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr5:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(3\):sr6:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(4\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(4\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(4\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(4\):sr3:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\):sr3:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr2:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr4:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr5:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr6:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8832_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8832_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\(1\):sr1:*:*:*:*:*:*
cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\(1\):sr1:*:*:*:*:*:*
Vendors & Products Cisco desk Phone 9841
Cisco desk Phone 9841 Firmware
Cisco desk Phone 9851
Cisco desk Phone 9851 Firmware
Cisco desk Phone 9861
Cisco desk Phone 9861 Firmware
Cisco desk Phone 9871
Cisco desk Phone 9871 Firmware
Cisco ip Phone 7811
Cisco ip Phone 7811 Firmware
Cisco ip Phone 7821
Cisco ip Phone 7821 Firmware
Cisco ip Phone 7841
Cisco ip Phone 7841 Firmware
Cisco ip Phone 7861
Cisco ip Phone 7861 Firmware
Cisco ip Phone 8811
Cisco ip Phone 8811 Firmware
Cisco ip Phone 8821
Cisco ip Phone 8821 Firmware
Cisco ip Phone 8832
Cisco ip Phone 8832 Firmware
Cisco ip Phone 8841
Cisco ip Phone 8841 Firmware
Cisco ip Phone 8845
Cisco ip Phone 8845 Firmware
Cisco ip Phone 8851
Cisco ip Phone 8851 Firmware
Cisco ip Phone 8861
Cisco ip Phone 8861 Firmware
Cisco ip Phone 8865
Cisco ip Phone 8865 Firmware
Cisco video Phone 8875 Firmware

Tue, 21 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco ip Phone 7800
Cisco ip Phone 8800
Cisco ip Phone 8800 Series
Cisco session Initiation Protocol (sip) Firmware
Cisco video Phone 8875
Vendors & Products Cisco
Cisco ip Phone 7800
Cisco ip Phone 8800
Cisco ip Phone 8800 Series
Cisco session Initiation Protocol (sip) Firmware
Cisco video Phone 8875

Wed, 15 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 15 Oct 2025 16:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
Title Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-10-15T17:43:25.544Z

Reserved: 2024-10-10T19:15:13.257Z

Link: CVE-2025-20351

cve-icon Vulnrichment

Updated: 2025-10-15T17:43:19.926Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-15T17:15:49.060

Modified: 2025-12-04T21:26:51.467

Link: CVE-2025-20351

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-21T09:41:07Z

Weaknesses