Information disclosure in Cisco Session Initiation Protocol (Sip) Software
CVE-2025-20158
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker m…
Vulnerability class: Information Disclosure
EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Cisco Session Initiation Protocol (Sip) Software — versions 3.1(1), 3.0(1), 2.3(1)
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-20158?
- CVE-2025-20158 is a medium-severity vulnerability in Cisco Session Initiation Protocol (Sip) Software, classified under Information Disclosure. CVSS score: 4.4/10. Published 2025-02-19.
- How severe is CVE-2025-20158?
- Medium severity. CVSS v3 base score is 4.4 out of 10.