Severity
High
Analysis Summary
CVE-2025-20209 CVSS: 7.5
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote malicious user to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the malicious user to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2025-20145 CVSS: 5.8
A vulnerability exists in Cisco IOS XR Software's access control list (ACL) processing for egress traffic. The flaw allows an unauthenticated, remote attacker to bypass a configured ACL. The vulnerability occurs when specific packets are mishandled while moving between different line cards, potentially enabling packet transmission through an affected device despite existing egress ACL configurations. An attacker could attempt to send traffic through the device to exploit this weakness, which might result in successfully circumventing the intended egress ACL protections. Cisco has addressed this vulnerability through software updates, and currently no workarounds are available to mitigate the issue.
CVE-2025-20177 CVSS: 6.7
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local malicious user to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the malicious user to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
CVE-2025-20146 CVSS: 8.6
A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote malicious user to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the malicious user to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads.
CVE-2025-20142 CVSS: 8.6
A vulnerability exists in Cisco IOS XR Software for certain Aggregation Services Routers and Compact High-Performance Routers. The issue affects the IPv4 access control list (ACL) and quality of service (QoS) policy features. An unauthenticated, remote attacker could cause a line card to reset by sending malformed IPv4 packets through an affected device. When an interface with an IPv4 ACL or QoS policy receives these crafted packets, network processor errors can occur. This could lead to a line card reset or shutdown, resulting in a denial of service (DoS) condition. Traffic over the affected line card would be lost during the reload. The vulnerability has been predominantly observed in Layer 2 VPN environments with IPv4 ACL or QoS policies applied to bridge virtual interfaces, though Layer 3 configurations are also potentially affected.
CVE-2025-20141 CVSS: 7.4
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent malicious user to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the malicious user to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.
CVE-2025-20138 CVSS: 8.8
A vulnerability exists in the CLI of Cisco IOS XR Software that allows an authenticated, local attacker to execute arbitrary commands as root on the device's underlying operating system. The issue stems from insufficient validation of user arguments passed to specific CLI commands. An attacker with a low-privileged account could potentially use crafted commands at the prompt to elevate privileges to root and execute arbitrary commands, effectively gaining complete control over the system.
CVE-2025-20143 CVSS: 6.7
A vulnerability exists in Cisco IOS XR Software that could allow a local attacker with root-system privileges to bypass the Secure Boot functionality. An authenticated attacker with high-level access could potentially manipulate loaded binaries and circumvent integrity checks during the boot process. This security weakness stems from insufficient verification of software modules, which might enable the attacker to control boot configuration and potentially load unsigned images or modify system security properties. The vulnerability specifically impacts Cisco IOS XR Software and requires the attacker to already have root-system level access to the device. Cisco has addressed this issue through software updates, and no alternative workarounds are currently available to mitigate the vulnerability.
CVE-2025-20144 CVSS: 4.0
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote malicious user to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the malicious user to bypass a configured ACL on the affected device. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
CVE-2025-20115 CVSS: 8.6
A vulnerability exists in the confederation implementation for Border Gateway Protocol (BGP) in Cisco IOS XR Software. This security issue allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability stems from memory corruption that happens when a BGP update is created with an AS_CONFED_SEQUENCE attribute containing 255 autonomous system numbers. An attacker could exploit this by sending a crafted BGP update message or by manipulating network design to make the AS_CONFED_SEQUENCE attribute grow to 255 AS numbers or more. A successful exploit could trigger memory corruption, potentially causing the BGP process to restart and leading to a DoS condition. To carry out this attack, an attacker must either control a BGP confederation speaker within the same autonomous system as the victim or design the network in a way that allows the AS_CONFED_SEQUENCE attribute to reach 255 AS numbers.
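The AS_CONFED_SEQUENCE condition described for CVE-2025-20115 is something a route monitor or BMP collector can watch for on received updates. The following is an added example written for this page, not code from the advisory or from Cisco; it assumes 4-byte ASNs (AS4 negotiated), treats the 255-ASN figure as a threshold summed across all AS_CONFED_SEQUENCE segments (an assumption), and uses constructed sample paths.

```python
"""Parse a BGP AS_PATH attribute value and flag oversized AS_CONFED_SEQUENCE paths.

Added monitoring example, not code from the advisory or from Cisco. It assumes
4-byte ASNs (AS4 capability negotiated; pass asn_width=2 otherwise) and uses the
255-ASN figure quoted above for CVE-2025-20115. The sample paths are constructed.
"""
import struct

AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4  # RFC 4271 / RFC 5065
CONFED_ASN_THRESHOLD = 255  # assumption: count ASNs across every AS_CONFED_SEQUENCE segment


def parse_as_path(value: bytes, asn_width: int = 4) -> list:
    """Return [(segment_type, [asn, ...]), ...] from a raw AS_PATH attribute value.

    A truncated segment raises ValueError instead of being silently skipped, so a
    malformed path is never reported as shorter than it claims to be.
    """
    fmt = ">I" if asn_width == 4 else ">H"
    segments, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated segment header at offset %d" % pos)
        seg_type, seg_len = value[pos], value[pos + 1]  # type byte, then ASN count
        pos += 2
        if pos + seg_len * asn_width > len(value):
            raise ValueError("segment claims %d ASNs, %d bytes left" % (seg_len, len(value) - pos))
        asns = [struct.unpack_from(fmt, value, pos + i * asn_width)[0] for i in range(seg_len)]
        segments.append((seg_type, asns))
        pos += seg_len * asn_width
    return segments


def confed_sequence_asn_count(value: bytes, asn_width: int = 4) -> int:
    """Total ASNs carried in AS_CONFED_SEQUENCE segments of the path."""
    return sum(len(a) for t, a in parse_as_path(value, asn_width) if t == AS_CONFED_SEQUENCE)


def is_suspicious_confed_path(value: bytes, asn_width: int = 4) -> bool:
    """True when the confederation sequence reaches the advisory's 255-ASN figure."""
    return confed_sequence_asn_count(value, asn_width) >= CONFED_ASN_THRESHOLD


# Constructed samples: a normal confederation path and one that reaches the threshold.
NORMAL_PATH = bytes([AS_CONFED_SEQUENCE, 3]) + struct.pack(">III", 65001, 65002, 65003) \
    + bytes([AS_SEQUENCE, 1]) + struct.pack(">I", 64512)
LONG_PATH = bytes([AS_CONFED_SEQUENCE, 255]) + b"".join(struct.pack(">I", 65000 + i) for i in range(255))

if __name__ == "__main__":
    for name, path in (("normal", NORMAL_PATH), ("long", LONG_PATH)):
        print(name, confed_sequence_asn_count(path), is_suspicious_confed_path(path))
```

A hit on a production collector is a reason to inspect the confederation design and the peer that originated the update, not proof of exploitation on its own.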
Impact
- Denial of Service
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
CVE-2025-20209
CVE-2025-20145
CVE-2025-20177
CVE-2025-20146
CVE-2025-20142
CVE-2025-20141
CVE-2025-20138
CVE-2025-20143
CVE-2025-20144
CVE-2025-20115
Affected Vendors
- Cisco
Affected Products
- Cisco IOS XR Software
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.