CVE-2025-20262NULL Pointer Dereference in Cisco Nx-os Software

CWE-476NULL Pointer Dereference4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 63.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os Software
Timeline
PublishedAug 27

Description

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:LExploitability: 3.1 | Impact: 1.4

Affected Packages1 packages

CVEListV5cisco/cisco_nx-os_software64 versions+63

🔴Vulnerability Details

2
GHSA
GHSA-3q92-5vpf-96pw: A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switche2025-08-27
CVEList
Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability2025-08-27

📋Vendor Advisories

1
Cisco
Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability2025-08-27
CVE-2025-20262 — NULL Pointer Dereference in Cisco | cvebase