Cisco Phone Security Blunders: File Writing & Info Disclosure Vulnerabilities Unleashed
Attention Cisco users: your phones could be the stars of a new hacking drama if Web Access is enabled. The CVE-2025-20335 vulnerability lets attackers write arbitrary files, while CVE-2025-20336 reveals sensitive info. Thankfully, software updates are here to save the day, because no one wants their office phone to have a secret life.
Hot Take:
**_Cisco’s desk and video phones are pulling a double feature with vulnerabilities that even Hollywood blockbusters would envy. It seems these phones are not content with just making calls – they’re also dabbling in some unauthorized file-writing and information-sharing! Maybe they’re just trying to be more social, but Cisco’s quick to release updates that put a damper on this newfound rebellious streak. Looks like these phones need to stick to their day jobs!_**
Key Points:
– Two separate vulnerabilities affect Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875.
– CVE-2025-20335 involves arbitrary file writing due to improper authentication.
– CVE-2025-20336 involves unauthorized access to sensitive information.
– Both vulnerabilities require Web Access to be enabled, which is disabled by default.
– Cisco has released software updates to address these vulnerabilities, but no workarounds are available.