CVE-2025-20241

CWE-7334 documents4 sources
Severity: 7.4 HIGH
EPSS: 0.0% (top 87.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 27

Description

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 4.0

Affected Packages (1 package)

CVEListV5: cisco/cisco_nx-os_software (127 versions)

🔴 Vulnerability Details (2)

GHSA (2025-08-27): GHSA-9xhv-jrcw-j6fj: A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cis
CVEList (2025-08-27): Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol <TBD> Denial of Service Vulnerability

📋 Vendor Advisories (1)

Cisco (2025-08-27): Cisco Nexus 3000 and 9000 Series Switches Intermediate System-to-Intermediate System Denial of Service Vulnerability
CVE-2025-20241 (HIGH CVSS 7.4) | A vulnerability in the Intermediate | cvebase.io