CVE-2025-20202

CWE-8054 documents4 sources

Severity

7.4HIGH

EPSS

0.1%

top 73.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco IOS XE Software Cisco IOS XE

Timeline

PublishedMay 7

Description

A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of access point (AP) Cisco Discovery Protocol (CDP) neighbor reports when they are processed by the wireless controller. An attacker could exploit this vulnerability by sending a crafted CDP packet to an AP. A successful exploit could allow the attacker to cause…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xe_software153 versions+152

▶NVDcisco/ios_xe153 versions+152

🔴Vulnerability Details

CVEList

CVE-2025-20202: A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) cond↗2025-05-07

▶

GHSA

GHSA-cxrm-7jrj-hp84: A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) cond↗2025-05-07

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability↗2025-05-07

▶