CVE-2025-20111

CWE-12204 documents4 sources
Severity
7.4HIGH
EPSS
0.1%
top 68.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco Nx-os Software
Timeline
PublishedFeb 26

Description

A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

CVEListV5cisco/cisco_nx-os_software53 versions+52

🔴Vulnerability Details

2
CVEList
Cisco Nexus 3000 and 9000 Series Switches Layer 2 Ethernet Denial of Service Vulnerability2025-02-26
GHSA
GHSA-q737-5cw3-3g78: A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode2025-02-26

📋Vendor Advisories

1
Cisco
Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics Denial of Service Vulnerability2025-02-26
CVE-2025-20111 (HIGH CVSS 7.4) | A vulnerability in the health monit | cvebase.io