Cisco IOS vulnerabilities

581 known vulnerabilities affecting cisco/ios.

Total CVEs: 581
CISA KEV: 36 (actively exploited)
Public exploits: 28
Exploited in wild: 36
Severity breakdown: CRITICAL 32, HIGH 327, MEDIUM 211, LOW 11

Vulnerabilities

Page 1 of 30
CVE-2026-20125 | HIGH | CVSS 7.7 | v12.2(33)CY, v12.2(33)CY1, +941 more | 2026-03-25
CWE-228: A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this
cvelistv5, nvd

CVE-2026-20012 | HIGH | CVSS 8.6 | v15.2(1)S, v15.2(2)S, +551 more | 2026-03-25
CWE-401: A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) co
cvelistv5, nvd

CVE-2025-20363 | CRITICAL | CVSS 9.0 | ≥ 12.2(15)b, ≤ 15.9(3)m11; v12.2(15)B, +2004 more | 2025-09-25
CWE-122: A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS,
cvelistv5, nvd

CVE-2025-20327 | HIGH | CVSS 7.7 | v15.2(6)E2, v15.2(7)E, +27 more | 2025-09-24
CWE-1287: A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit
cvelistv5, nvd

CVE-2025-20160 | HIGH | CVSS 8.1 | v15.2(6)E1, v15.2(4)E6, +122 more | 2025-09-24
CWE-287: A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-mi
cvelistv5, nvd

CVE-2025-20352 | HIGH | CVSS 7.7 | KEV | v12.2(33)sxi, v12.2(33)sxi1, +1450 more | 2025-09-24
CWE-121: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS,
cvelistv5, nvd

CVE-2025-20149 | MEDIUM | CVSS 6.5 | v15.2(1)S, v15.2(2)S, +737 more | 2025-09-24
CWE-120: A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by usi
cvelistv5, nvd

CVE-2025-20239 | HIGH | CVSS 8.6 | v15.2(4)E, v15.2(4)E1, +236 more | 2025-08-14
CWE-401: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vul
cvelistv5, nvd

CVE-2025-20225 | MEDIUM | CVSS 5.8 | v15.1(2)T, v15.1(1)T4, +418 more | 2025-08-14
CWE-401: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This v
cvelistv5, nvd

CVE-2025-20164 | HIGH | CVSS 8.3 | v15.0(2)SE8, v15.0(2)EA, +73 more | 2025-05-07
CWE-862: A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affec
cvelistv5, nvd

CVE-2025-20154 | HIGH | CVSS 8.6 | ≤ 15.9(3)m11 | 2025-05-07
CWE-20: A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server proces
nvd

CVE-2025-20137 | MEDIUM | CVSS 4.7 | v15.2(5a)e, v15.2(5b)e, +68 more | 2025-05-07
CWE-284: A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same inte
cvelistv5, nvd

CVE-2025-20196 | MEDIUM | CVSS 5.3 | vN/A | 2025-05-07
CWE-307: A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of HTTP reques
cvelistv5, nvd

CVE-2025-20181 | MEDIUM | CVSS 6.8 | v15.0(1)ex, v15.0(1)ey, +210 more | 2025-05-07
CWE-347: A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to missing si
cvelistv5, nvd

CVE-2025-20172 | HIGH | CVSS 7.7 | v12.2(33)sre, v12.2(33)sre0a, +1354 more | 2025-02-05
CWE-248: A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted S
cvelistv5, nvd

CVE-2025-20171 | HIGH | CVSS 7.7 | v12.2(33)cx, v12.2(33)cy, +2252 more | 2025-02-05
CWE-248: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
cvelistv5, nvd

CVE-2025-20174 | HIGH | CVSS 7.7 | v15.2(1)sy, v15.2(1)sy0a, +436 more | 2025-02-05
CWE-805: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
cvelistv5, nvd

CVE-2025-20176 | HIGH | CVSS 7.7 | v15.0(1)sy, v15.0(1)sy1, +1020 more | 2025-02-05
CWE-248: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
cvelistv5, nvd

CVE-2025-20170 | HIGH | CVSS 7.7 | v12.2(1), v12.2(1)dx, +5896 more | 2025-02-05
CWE-805: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
cvelistv5, nvd

CVE-2025-20173 | HIGH | CVSS 7.7 | v12.2(33)sre, v12.2(33)sre0a, +1920 more | 2025-02-05
CWE-248: A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affect
cvelistv5, nvd
Cisco IOS vulnerabilities | cvebase