Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software.
The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications Manager with Web Access enabled. No workarounds are available, so updating to the fixed releases is essential.
Cisco released Advisory ID cisco-sa-phone-dos-FPyjLV7A on October 15, 2025, disclosing two distinct vulnerabilities.
https://gbhackers.com/cisco-desk-ip-and ... ulnerable/