CVE-2025-20137

CWE-284Improper Access Control4 documents4 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 72.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMay 7

Description

A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/ios35 versions+34
NVDcisco/ios35 versions+34

🔴Vulnerability Details

2
CVEList
CVE-2025-20137: A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst2025-05-07
GHSA
GHSA-x37r-wqwh-97qm: A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst2025-05-07

📋Vendor Advisories

1
Cisco
Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability2025-05-07
CVE-2025-20137 (MEDIUM CVSS 4.7) | A vulnerability in the access contr | cvebase.io