CVE-2025-20335

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:desk_phone_9841_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:desk_phone_9851_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:desk_phone_9861_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cisco:desk_phone_9871_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_7811_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_7821_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_7841_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_7861_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_8811_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_8841_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_8845_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_8851_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_8851nr_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8851nr_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_8851nr_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_8851nr:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_8861_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_8865_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\(1\):-::::::
	cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\(1\):sr1::::::

cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

OR	cpe:2.3:o:cisco:video_phone_8875_firmware::::::::
	cpe:2.3:o:cisco:video_phone_8875_firmware::::::::
	cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\(1\):-::::::
	cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\(1\):sr1::::::

cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

OR	cpe:2.3:o:cisco:ip_phone_8821_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):-::::::
	cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr1::::::
	cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr2::::::
	cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr4::::::
	cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr5::::::
	cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(6\):sr6::::::

cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-09-03 18:15

Updated : 2026-01-05 14:49

NVD link : CVE-2025-20335

Mitre link : CVE-2025-20335

CVE.ORG link : CVE-2025-20335

JSON object : View

Products Affected

cisco

ip_phone_7841
ip_phone_8841_firmware
ip_phone_7811_firmware
ip_phone_7861_firmware
ip_phone_7821
desk_phone_9841
video_phone_8875
ip_phone_8845_firmware
ip_phone_8845
ip_phone_8821
ip_phone_8841
desk_phone_9861
ip_phone_8861_firmware
ip_phone_8851
ip_phone_8821_firmware
desk_phone_9851_firmware
desk_phone_9871_firmware
ip_phone_8851nr
ip_phone_8851_firmware
ip_phone_7821_firmware
ip_phone_7841_firmware
ip_phone_8811_firmware
ip_phone_8865
ip_phone_8851nr_firmware
ip_phone_8865_firmware
ip_phone_7811
ip_phone_8861
desk_phone_9861_firmware
ip_phone_8811
ip_phone_7861
video_phone_8875_firmware
desk_phone_9841_firmware
desk_phone_9871
desk_phone_9851

CWE

CWE-284

Improper Access Control

5.3 /10