CVE-2025-20315: Buffer Access with Incorrect Length Value in Cisco IOS XE Software

Severity: 8.6 HIGH (NVD)
EPSS: 0.1% (top 66.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Sep 24

Description

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition. This vulnerability is due to improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets. An attacker could exploit this vulnerability by sending malformed CAPWAP packets through an affected device. A successful exploit could al

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages (1 package)

CVEListV5: cisco/cisco_ios_xe_software, 340 versions (+339)

🔴 Vulnerability Details (2)

GHSA: GHSA-mq8j-42c3-pxm3: A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker t (2025-09-24)
CVEList: CVE-2025-20315: A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker t (2025-09-24)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability (2025-09-24)
CVE-2025-20315 — Cisco IOS XE Software vulnerability | cvebase