Rewterz

Multiple Cisco IOS XE Software Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-20189 CVSS:7.4

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition.

CVE-2025-20190 CVSS:6.5

A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users defined on an affected device.

CVE-2025-20155 CVSS:6

A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system.

CVE-2025-20162 CVSS:8.6

A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of service (DoS) condition.

CVE-2025-20186 CVSS:8.8

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device.

Impact

  • Denial of Service
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2025-20189
  • CVE-2025-20190
  • CVE-2025-20155
  • CVE-2025-20162
  • CVE-2025-20186

Affected Vendors

  • Cisco

Affected Products

  • Cisco IOS XE Software

Remediation

Refer to the Cisco Security Advisory for each CVE for patch, upgrade, or suggested workaround information.

CVE-2025-20189

CVE-2025-20190

CVE-2025-20155

CVE-2025-20162

CVE-2025-20186