CVE-2025-20189

CWE-7624 documents4 sources
Severity
7.4HIGH
EPSS
0.1%
top 71.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMay 7

Description

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high ra

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software266 versions+265
NVDcisco/ios_xe266 versions+265

🔴Vulnerability Details

2
GHSA
GHSA-v76p-4wxx-wrpq: A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switc2025-05-07
CVEList
CVE-2025-20189: A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switc2025-05-07

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability2025-05-07