CVE-2025-20158

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Feb 19, 2025

CWE ID 200

Summary

CVE-2025-20158 is a vulnerability affecting the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series. This issue permits an authenticated, local attacker to gain unauthorized access to sensitive information on the device, provided they have valid administrative credentials with SSH access. By sending a specially crafted SSH client command to the CLI, an attacker can successfully exploit this vulnerability, potentially exposing details of the underlying operating system. Note that SSH access is disabled by default, but if enabled, this weakness could pose a significant risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3hYeSq
https://www.cve.org/CVERecord?id=CVE-2025-20158
https://nvd.nist.gov/vuln/detail/CVE-2025-20158

Back to Vulnerability Database

CVE-2025-20158

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations