VoIP: Cisco and Ubiquiti Provide Security Updates

Updates for Ubiquiti's UniFi Talk and several Cisco IP phone series close security vulnerabilities rated "High".


Cisco and Ubiquiti have released security updates that close high-rated VoIP vulnerabilities. No active exploitation is known so far. Nevertheless, IT managers should go ahead and install the available updates.

The security vulnerability fixed by Cisco affects the product series Desk Phone 9800, IP Phone 7800, IP Phone 8800, and Video Phone 8875. Explicitly *not* vulnerable are the IP Phone 7800 and 8800 series based on Cisco Multiplatform Firmware.

Successful remote attacks via CVE-2025-20350 and CVE-2025-20351 without prior authentication could temporarily disable the phones via forced restart (Denial of Service, DoS). Furthermore, cross-site scripting attacks against users of the graphical web interface are conceivable. Cisco rates the risk as “high” (CVSS score 7.5).

According to Cisco, exploits are only possible if the respective phone is registered with Cisco Unified Communications Manager and web access is enabled. By default, this is not the case.

Cisco's advisory on the vulnerabilities explains how to check the current status of the web access function. There you will also find an overview of the fixed releases of the Cisco SIP software used by the devices.

The security vulnerability CVE-2025-52663 (CVSS score 7.2) is present in UniFi Talk Touch up to and including version 1.21.16, UniFi Talk Touch Max up to and including version 2.21.22, and phones in the UniFi Talk G3 series up to and including version 3.21.26.


In these devices, the debugging functionality was apparently not deactivated ex-factory as intended. A remote attacker with access to the UniFi Talk Management Network could access these functions via the devices' programming interface.

Ubiquiti's vulnerability description in the Security Advisory Bulletin does not specify the consequences of such manipulation. An update to at least the next version (Talk Touch 1.21.17, Talk Touch Max 2.21.23, Talk G3 3.21.27) eliminates the danger.

(ovw)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.