Cisco Patches High-Severity IOS XR Vulnerabilities

Posted on September 11, 2025 By CWS

Cisco on Wednesday released patches for three vulnerabilities in IOS XR software, as part of its September 2025 security advisory bundled publication.

Tracked as CVE-2025-20248 (CVSS score of 6), the first of the bugs is a high-severity issue in the IOS XR installation process that could allow attackers to bypass image signature verification.

Successful exploitation of the flaw, Cisco explains, could lead to unsigned files being added to an ISO image, which could then be installed and activated on a device.

Because of the potential bypass of the image verification process, Cisco has raised the security impact rating of the advisory from medium to high.

The second IOS XR issue resolved this week is CVE-2025-20340 (CVSS score of 7.4), a bug in the software’s Address Resolution Protocol (ARP) implementation that could be exploited by adjacent, unauthenticated attackers to cause a denial-of-service (DoS) condition.

“This vulnerability is due to how Cisco IOS XR Software processes a high, sustained rate of ARP traffic hitting the management interface. Under certain conditions, an attacker could exploit this vulnerability by sending an excessive amount of traffic to the management interface of an affected device, overwhelming its ARP processing capabilities,” Cisco explains.
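A detection-side illustration of the "high, sustained rate" condition in the quote above, added here as an example and not taken from Cisco or the original article: it counts ARP frames per one-second bucket from capture timestamps and alerts only when the rate stays above a threshold for several consecutive seconds, so a short burst is ignored. The threshold, the sustain window, and the sample timestamps are constructed assumptions, not values from the advisory.

```python
from collections import Counter

# Assumed tuning values; the advisory does not publish a rate threshold.
RATE_THRESHOLD_PPS = 200   # ARP frames per second considered "high"
SUSTAINED_SECONDS = 5      # consecutive seconds above threshold before alerting


def sustained_arp_alerts(timestamps, threshold=RATE_THRESHOLD_PPS,
                         sustain=SUSTAINED_SECONDS):
    """Return (start_second, end_second) spans where the per-second ARP
    frame count stayed above `threshold` for at least `sustain` seconds.

    `timestamps` are epoch seconds (float) of ARP frames seen on the
    management interface, e.g. exported from a packet capture.
    """
    per_second = Counter(int(ts) for ts in timestamps)
    if not per_second:
        return []
    alerts, run_start = [], None
    first, last = min(per_second), max(per_second)
    # Walk every second, including empty ones, so gaps break a run.
    for sec in range(first, last + 2):
        if per_second.get(sec, 0) > threshold:
            if run_start is None:
                run_start = sec
        else:
            if run_start is not None and sec - run_start >= sustain:
                alerts.append((run_start, sec - 1))
            run_start = None
    return alerts


def constructed_capture():
    """Constructed sample: background ARP, a 2 s burst, then an 8 s flood."""
    ts = []
    for sec in range(0, 60):
        rate = 5                          # normal background ARP
        if 10 <= sec < 12:
            rate = 400                    # short burst, should not alert
        elif 30 <= sec < 38:
            rate = 1000                   # sustained high rate, should alert
        ts.extend(1000 + sec + i / rate for i in range(rate))
    return ts


if __name__ == "__main__":
    for start, end in sustained_arp_alerts(constructed_capture()):
        print(f"sustained ARP rate above threshold from t={start} to t={end}")
```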

The third security defect is a medium-severity issue in IOS XR’s ACL processing feature that could allow unauthenticated, remote attackers to send traffic to a vulnerable device and bypass configured ACLs for the SSH, NetConf, and gRPC features.

Tracked as CVE-2025-20159 (CVSS score of 5.3), the flaw exists because IOS XR packet I/O infrastructure platforms for SSH, NetConf, and gRPC have not supported management interface ACLs.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Users are advised to apply the available patches as soon as possible, as hackers are known to have exploited Cisco bugs.
