CVE-2025-20340

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.4HIGH
EPSS
0.0%
top 90.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco IOS XR Software
Timeline
PublishedSep 10

Description

A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a broadcast storm, leading to a denial of service (DoS) condition on an affected device. This vulnerability is due to how Cisco IOS XR Software processes a high, sustained rate of ARP traffic hitting the management interface. Under certain conditions, an attacker could exploit this vulnerability by sending an excessive amount of traffic to

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xr_software105 versions+104

🔴Vulnerability Details

2
GHSA
GHSA-7xc2-hq29-896q: A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to2025-09-10
CVEList
Cisco IOS XR Address Resolution Protocol Broadcast Storm Vulnerability2025-09-10

📋Vendor Advisories

1
Cisco
Cisco IOS XR ARP Broadcast Storm Denial of Service Vulnerability2025-09-10
CVE-2025-20340 (HIGH CVSS 7.4) | A vulnerability in the Address Reso | cvebase.io