Cisco Phone Security Blunders: File Writing & Info Disclosure Vulnerabilities Unleashed

Attention Cisco users: your phones could be the stars of a new hacking drama if Web Access is enabled. The CVE-2025-20335 vulnerability lets attackers write arbitrary files, while CVE-2025-20336 reveals sensitive info. Thankfully, software updates are here to save the day, because no one wants their office phone to have a secret life.

Pro Dashboard

Hot Take:

**_Cisco’s desk and video phones are pulling a double feature with vulnerabilities that even Hollywood blockbusters would envy. It seems these phones are not content with just making calls – they’re also dabbling in some unauthorized file-writing and information-sharing! Maybe they’re just trying to be more social, but Cisco’s quick to release updates that put a damper on this newfound rebellious streak. Looks like these phones need to stick to their day jobs!_**

Key Points:

– Two separate vulnerabilities affect Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875.
– CVE-2025-20335 involves arbitrary file writing due to improper authentication.
– CVE-2025-20336 involves unauthorized access to sensitive information.
– Both vulnerabilities require Web Access to be enabled, which is disabled by default.
– Cisco has released software updates to address these vulnerabilities, but no workarounds are available.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?