CVE-2025-20335

Severity CVSS v4.0:

Pending analysis

Type:

CWE-284 Improper Access Control

Publication date:

03/09/2025

Last modified:

05/01/2026

Description

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.<br /> <br /> This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.<br /> Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS v3.1 Severity and Metrics:

Base Score: 5.30 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): Low
Availability (A): None

Base Score 3.x

5.30

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:cisco:desk_phone_9841_firmware::::::::	3.0\(1\) (including)	3.3\(1\) (excluding)
cpe:2.3:h:cisco:desk_phone_9841:-:::::::*
cpe:2.3:o:cisco:desk_phone_9851_firmware::::::::	3.0\(1\) (including)	3.3\(1\) (excluding)
cpe:2.3:h:cisco:desk_phone_9851:-:::::::*
cpe:2.3:o:cisco:desk_phone_9861_firmware::::::::	3.0\(1\) (including)	3.3\(1\) (excluding)
cpe:2.3:h:cisco:desk_phone_9861:-:::::::*
cpe:2.3:o:cisco:desk_phone_9871_firmware::::::::	3.0\(1\) (including)	3.3\(1\) (excluding)
cpe:2.3:h:cisco:desk_phone_9871:-:::::::*
cpe:2.3:o:cisco:ip_phone_7811_firmware::::::::		14.3\(1\) (excluding)
cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):-::::::
cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):sr1::::::
cpe:2.3:h:cisco:ip_phone_7811:-:::::::*
cpe:2.3:o:cisco:ip_phone_7821_firmware::::::::		14.3\(1\) (excluding)
cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):-::::::
cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):sr1::::::

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df

CPE	From	Up to
cpe:2.3:o:cisco:desk_phone_9841_firmware::::::::	3.0\(1\) (including)	3.3\(1\) (excluding)
cpe:2.3:h:cisco:desk_phone_9841:-:::::::*
cpe:2.3:o:cisco:desk_phone_9851_firmware::::::::	3.0\(1\) (including)	3.3\(1\) (excluding)
cpe:2.3:h:cisco:desk_phone_9851:-:::::::*
cpe:2.3:o:cisco:desk_phone_9861_firmware::::::::	3.0\(1\) (including)	3.3\(1\) (excluding)
cpe:2.3:h:cisco:desk_phone_9861:-:::::::*
cpe:2.3:o:cisco:desk_phone_9871_firmware::::::::	3.0\(1\) (including)	3.3\(1\) (excluding)
cpe:2.3:h:cisco:desk_phone_9871:-:::::::*
cpe:2.3:o:cisco:ip_phone_7811_firmware::::::::		14.3\(1\) (excluding)
cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):-::::::
cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\(1\):sr1::::::
cpe:2.3:h:cisco:ip_phone_7811:-:::::::*
cpe:2.3:o:cisco:ip_phone_7821_firmware::::::::		14.3\(1\) (excluding)
cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):-::::::
cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\(1\):sr1::::::