CVE-2025-20316Improper Access Control in Cisco IOS XE Software

CWE-284Improper Access ControlCWE-362Race Condition5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 91.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE Software
Timeline
PublishedSep 24

Description

A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL on an affected device. This vulnerability is due to the flooding of traffic from an unlearned MAC address on a switch virtual interface (SVI) that has an egress ACL applied. An attacker could exploit this vulnerability by causing the VLAN to flush its MAC address table. This condition ca

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xe_software27 versions+26

🔴Vulnerability Details

2
GHSA
GHSA-84gm-4jph-65cm: A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow a2025-09-24
CVEList
CVE-2025-20316: A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow a2025-09-24

📋Vendor Advisories

2
Cisco
Cisco IOS XE Software on Cisco Catalyst 9500X and 9600X Series Switches Virtual Interface Access Control List Bypass Vulnerability2025-09-24
Microsoft
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata to perform this operation outside of the2022-08-09
CVE-2025-20316 — Improper Access Control in Cisco | cvebase