CVE-2025-20159

Severity
5.3 MEDIUM
EPSS
0.0%
top 90.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 10

Description

A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 1 package

CVEListV5 | cisco/cisco_ios_xr_software | 74 versions

🔴Vulnerability Details

2
CVEList
Cisco IOS XR Software Management Interface ACL Bypass Vulnerability (2025-09-10)
GHSA
GHSA-6rcj-394r-r32c: A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remo (2025-09-10)

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Management Interface ACL Bypass Vulnerability (2025-09-10)