CVE-2025-20196

CWE-3074 documents4 sources

Severity

5.3MEDIUM

EPSS

0.3%

top 50.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco 807 Industrial Integrated Services Router Firmware Cisco 809 Industrial Integrated Services Router Firmware Cisco 829 Industrial Integrated Services Router Firmware +5 more

Timeline

PublishedMay 7

Description

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacke…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages8 packages

▶NVDcisco/807_industrial_integrated_services_router_firmware< 15.9\(3\)m11

▶NVDcisco/809_industrial_integrated_services_router_firmware< 15.9\(3\)m11

▶NVDcisco/829_industrial_integrated_services_router_firmware< 15.9\(3\)m11

▶CVEListV5cisco/cisco_ios_xe_software137 versions+136

▶NVDcisco/ios_xe< 17.15.2+137

🔴Vulnerability Details

CVEList

CVE-2025-20196: A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remot↗2025-05-07

▶

GHSA

GHSA-mqph-g74f-5j5f: A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remot↗2025-05-07

▶

📋Vendor Advisories

Cisco

Cisco IOx Application Hosting Environment Denial of Service Vulnerability↗2025-05-07

▶