CVE-2025-20145: Cisco IOS XR Software vulnerability

CWE-264 | 4 documents | 4 sources
Severity: 5.8 MEDIUM (NVD)
EPSS: 0.1% (top 71.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 12

Description

A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic thro

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: cisco/cisco_ios_xr_software, 61 versions (+60)
NVD: cisco/ios_xr, 61 versions (+60)

🔴 Vulnerability Details (2)

GHSA (2025-03-12): GHSA-cqp7-cmgp-m73g: A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote at
CVEList (2025-03-12): Cisco IOS XR Software Access Control List Bypass Vulnerability

📋 Vendor Advisories (1)

Cisco (2025-03-12): Cisco IOS XR Software Access Control List Bypass Vulnerability