CVE-2025-20154Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation4 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.4%
top 36.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco IOSCisco IOS XECisco IOS XR Software+1 more
Timeline
PublishedMay 7

Description

A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled. This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

CVEListV5cisco/cisco_ios_xr_software92 versions+91
NVDcisco/ios15.9\(3\)m11
NVDcisco/ios_xe16.6.117.2.3
NVDcisco/ios_xr92 versions+91

🔴Vulnerability Details

2
GHSA
GHSA-hvxf-w5xq-9cvg: A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unaut2025-05-07
CVEList
Cisco IOS, IOS XE and IOS XR Software TWAMP Denial of Service Vulnerability2025-05-07

📋Vendor Advisories

1
Cisco
Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability2025-05-07
CVE-2025-20154 — Improper Input Validation in Cisco IOS | cvebase