CVE-2025-20313Path Traversal: '.../...//' in Cisco IOS XE Software

CWE-35Path Traversal: '.../...//'CWE-232Improper Handling of Undefined Values4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 71.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE Software
Timeline
PublishedSep 24

Description

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a m

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xe_software119 versions+118

🔴Vulnerability Details

2
GHSA
GHSA-8vx8-2pfg-45rm: Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attac2025-09-24
CVEList
CVE-2025-20313: Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attac2025-09-24

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Secure Boot Bypass Vulnerabilities2025-09-24
CVE-2025-20313 — Path Traversal: '.../...//' in Cisco | cvebase