10 security advisories address multiple vulnerabilities, including seven high and three medium severity advisories

Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Cisco has released 10 security advisories addressing multiple vulnerabilities, including seven high and three medium severity advisories, affecting Cisco IOS XR Software, a network operating system.

CVE-2025-20138 is an 'improper neutralization of special elements used in an OS command' vulnerability with a CVSSv3 score of 8.8. Successful exploitation could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device, provided that the attacker has valid read-only administrative credentials.

CVE-2025-20177 is an 'improper handling of insufficient privileges' vulnerability with a CVSSv3 score of 6.7. This vulnerability could allow an attacker to bypass Cisco IOS XR image signature verification and load unverified software.

CVE-2025-20143 is an 'improper verification of cryptographic signature' vulnerability with a CVSSv3 score of 6.7. This vulnerability could allow an authenticated, remote attacker to bypass the Secure Boot functionality and load unverified software on an affected device, provided that the attacker has valid read-only administrative credentials.

The other high severity vulnerabilities could allow an authenticated, remote attacker to conduct a denial-of-service (DoS) attack against an affected device.

Two medium severity vulnerabilities, CVE-2025-20145 and CVE-2025-20144, could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) on an affected device. CVE-2025-20145 is a 'permissions, privileges, and access controls' vulnerability with a CVSSv3 score of 5.8, and CVE-2025-20144 is an 'improper access control' vulnerability with a CVSSv3 score of 4.

Remediation advice

Affected organisations are encouraged to review Cisco's security advisories and apply the relevant updates as soon as practicable.

Remediation steps

Definitive source of threat updates

CVE Vulnerabilities

Last edited: 13 March 2025 3:23 pm