Cisco Patches High-Severity IOS XR Vulnerabilities

Posted on By CWS

Cisco on Wednesday launched patches for 3 vulnerabilities in IOS XR software program, as a part of its September 2025 safety advisory bundled publication.

Tracked as CVE-2025-20248 (CVSS rating of 6), the primary of the bugs is a high-severity situation within the IOS XR set up course of that might enable attackers to bypass picture signature verification.

Profitable exploitation of the flaw, Cisco explains, may result in unsigned information being added to an ISO picture, which may then be put in and activated on a tool.

Due to the potential bypass of the picture verification course of, Cisco has raised the safety affect score of the advisory from medium to excessive. 

The second IOS XR situation resolved this week is CVE-2025-20340 (CVSS rating of seven.4), a bug within the software program’s Handle Decision Protocol (ARP) implementation that could possibly be exploited by adjoining, unauthenticated attackers to trigger a denial-of-service (DoS) situation.

“This vulnerability is because of how Cisco IOS XR Software program processes a excessive, sustained price of ARP site visitors hitting the administration interface. Below sure situations, an attacker may exploit this vulnerability by sending an extreme quantity of site visitors to the administration interface of an affected gadget, overwhelming its ARP processing capabilities,” Cisco explains.

The third safety defect is a medium-severity situation in IOS XR’s ACL processing characteristic that might enable unauthenticated, distant attackers to ship site visitors to a weak gadget and bypass configured ACLs for the SSH, NetConf, and gRPC options.

Tracked as CVE-2025-20159 (CVSS rating of 5.3), the flaw exists as a result of IOS XR packet I/O infrastructure platforms for SSH, NetConf, and gRPC haven’t supported administration interface ACLs.Commercial. Scroll to proceed studying.

Cisco says it isn’t conscious of any of those vulnerabilities being exploited within the wild. Customers are suggested to use the out there patches as quickly as potential, as hackers are identified to have exploited Cisco bugs. 

Associated: Fortinet, Ivanti, Nvidia Launch Safety Updates

Associated: Apple Unveils iPhone Reminiscence Protections to Fight Refined Assaults

Associated: ICS Patch Tuesday: Rockwell Automation Leads With 8 Safety Advisories

Associated: SAP Patches Crucial NetWeaver Vulnerabilities

Security Week News Tags:, , , ,

Related Posts

Critical Citrix NetScaler Flaw Exploited as Zero-Day Security Week News
CISA Warns of Flaw in TeleMessage App Used by Ex-National Security Advisor  Security Week News
Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack Security Week News
WhatsApp Zero-Day Exploited in Attacks Targeting Apple Users Security Week News
US Insurance Industry Warned of Scattered Spider Attacks Security Week News
Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent Security Week News