- 232/2025
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, or obtain sensitive information in clear text on the affected system.
Sample of addressed vulnerabilities:
Cisco Desk Phone, IP Phone, and Video Phone with SIP Software Denial of Service Vulnerability (CVE-2025-20350):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Cisco Desk Phone 9800 Series, IP Phone 8800 Series, Video Phone 8875.
- Cisco Catalyst 8000V Edge Software.
- Cisco RoomOS in on-premises operation.
- Cisco IOS and IOS XE Software.
Vulnerabilities
- CVE-2025-20329
- CVE-2025-20350
- CVE-2025-20351
- CVE-2025-20356
- CVE-2025-20357
- CVE-2025-20359
- CVE-2025-20360
- CVE-2025-20361
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.