Details of VAR-202509-2355

ID

VAR-202509-2355

CVE

CVE-2025-20335

DESCRIPTION

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.

Trust: 1.0

sources: NVD: CVE-2025-20335

AFFECTED PRODUCTS

vendor:	cisco	model:	ip phone 8851	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9841	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7841	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7861	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9851	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9841	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	eq	version:	11.0\(6\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	eq	version:	2.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	lt	version:	2.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9851	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9861	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851nr	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9871	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7811	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9861	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7861	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	lt	version:	11.0\(6\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9871	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7841	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851nr	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7811	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7821	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7821	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845	scope:	eq	version:	14.3\(1\)	Trust: 1.0

sources: NVD: CVE-2025-20335

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2025-20335
value:	MEDIUM
Trust: 1.0

psirt@cisco.com:	CVE-2025-20335
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: NVD: CVE-2025-20335

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 1.0

sources: NVD: CVE-2025-20335

EXTERNAL IDS

db:

NVD

id:

CVE-2025-20335

Trust: 1.0

sources: NVD: CVE-2025-20335

REFERENCES

url:

https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-phone-write-g3kcc5df

Trust: 1.0

sources: NVD: CVE-2025-20335

SOURCES

db:

NVD

id:

CVE-2025-20335

LAST UPDATE DATE

2026-01-14T23:53:00.992000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2025-20335

date:

2026-01-05T14:49:25.683

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2025-20335

date:

2025-09-03T18:15:34.393