CVE-2025-20141 - Vulnerability Details

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.  This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Ios Xr Ios Xr Software Ncs 540-12z20g-sys-a Ncs 540-12z20g-sys-d Ncs 540-24q2c2dd-sys Ncs 540-24q8l2dd-sys Ncs 540-24z8q2c-sys Ncs 540-28z4c-sys-a Ncs 540-28z4c-sys-d Ncs 540-6z14s-sys-d Ncs 540-6z18g-sys-a Ncs 540-6z18g-sys-d Ncs 540-acc-sys Ncs 540-fh-agg Ncs 540-fh-csr-sys Ncs 540x-12z16g-sys-a Ncs 540x-12z16g-sys-d Ncs 540x-16z4g8q2c-a Ncs 540x-16z4g8q2c-d Ncs 540x-16z8q2c-d Ncs 540x-4z14g2q-a Ncs 540x-4z14g2q-d Ncs 540x-6z18g-sys-a Ncs 540x-6z18g-sys-d Ncs 540x-8z16g-sys-a Ncs 540x-8z16g-sys-d Ncs 540x-acc-sys Ncs 5501 Ncs 5501-se Ncs 5502 Ncs 5502-se Ncs 5504 Ncs 5508 Ncs 5516 Ncs 55a1-24h Ncs 55a1-24q6h-s Ncs 55a1-24q6h-ss Ncs 55a1-36h Ncs 55a1-36h-se Ncs 55a1-48q6h Ncs 55a2-mod-hd-s Ncs 55a2-mod-s Ncs 55a2-mod-se-s Ncs 57b1-5dse-sys Ncs 57b1-6d24-sys Ncs 57c1-48q6-sys Ncs 57c3-mod-sys Ncs 57d2-18dd-sys

Configuration 1 [-]

AND

cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-acc-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-fh-agg:-:::::::*
	cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-acc-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_5501:-:::::::*
	cpe:2.3:h:cisco:ncs_5501-se:-:::::::*
	cpe:2.3:h:cisco:ncs_5502:-:::::::*
	cpe:2.3:h:cisco:ncs_5502-se:-:::::::*
	cpe:2.3:h:cisco:ncs_5504:-:::::::*
	cpe:2.3:h:cisco:ncs_5508:-:::::::*
	cpe:2.3:h:cisco:ncs_5516:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-24h:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-36h:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-36h-se:-:::::::*
	cpe:2.3:h:cisco:ncs_55a1-48q6h:-:::::::*
	cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:::::::*
	cpe:2.3:h:cisco:ncs_55a2-mod-s:-:::::::*
	cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:::::::*
	cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:::::::*

No data.

References

Link	Providers
https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY

History

Wed, 06 Aug 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco ios Xr Cisco ncs 540-12z20g-sys-a Cisco ncs 540-12z20g-sys-d Cisco ncs 540-24q2c2dd-sys Cisco ncs 540-24q8l2dd-sys Cisco ncs 540-24z8q2c-sys Cisco ncs 540-28z4c-sys-a Cisco ncs 540-28z4c-sys-d Cisco ncs 540-6z14s-sys-d Cisco ncs 540-6z18g-sys-a Cisco ncs 540-6z18g-sys-d Cisco ncs 540-acc-sys Cisco ncs 540-fh-agg Cisco ncs 540-fh-csr-sys Cisco ncs 540x-12z16g-sys-a Cisco ncs 540x-12z16g-sys-d Cisco ncs 540x-16z4g8q2c-a Cisco ncs 540x-16z4g8q2c-d Cisco ncs 540x-16z8q2c-d Cisco ncs 540x-4z14g2q-a Cisco ncs 540x-4z14g2q-d Cisco ncs 540x-6z18g-sys-a Cisco ncs 540x-6z18g-sys-d Cisco ncs 540x-8z16g-sys-a Cisco ncs 540x-8z16g-sys-d Cisco ncs 540x-acc-sys Cisco ncs 5501 Cisco ncs 5501-se Cisco ncs 5502 Cisco ncs 5502-se Cisco ncs 5504 Cisco ncs 5508 Cisco ncs 5516 Cisco ncs 55a1-24h Cisco ncs 55a1-24q6h-s Cisco ncs 55a1-24q6h-ss Cisco ncs 55a1-36h Cisco ncs 55a1-36h-se Cisco ncs 55a1-48q6h Cisco ncs 55a2-mod-hd-s Cisco ncs 55a2-mod-s Cisco ncs 55a2-mod-se-s Cisco ncs 57b1-5dse-sys Cisco ncs 57b1-6d24-sys Cisco ncs 57c1-48q6-sys Cisco ncs 57c3-mod-sys Cisco ncs 57d2-18dd-sys
CPEs		cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-acc-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-fh-agg:-:::::::* cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:::::::* cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-acc-sys:-:::::::* cpe:2.3:h:cisco:ncs_5501-se:-:::::::* cpe:2.3:h:cisco:ncs_5501:-:::::::* cpe:2.3:h:cisco:ncs_5502-se:-:::::::* cpe:2.3:h:cisco:ncs_5502:-:::::::* cpe:2.3:h:cisco:ncs_5504:-:::::::* cpe:2.3:h:cisco:ncs_5508:-:::::::* cpe:2.3:h:cisco:ncs_5516:-:::::::* cpe:2.3:h:cisco:ncs_55a1-24h:-:::::::* cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:::::::* cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:::::::* cpe:2.3:h:cisco:ncs_55a1-36h-se:-:::::::* cpe:2.3:h:cisco:ncs_55a1-36h:-:::::::* cpe:2.3:h:cisco:ncs_55a1-48q6h:-:::::::* cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:::::::* cpe:2.3:h:cisco:ncs_55a2-mod-s:-:::::::* cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:::::::* cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:::::::* cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:::::::* cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:::::::* cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:::::::* cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:::::::* cpe:2.3:o:cisco:ios_xr:7.9.2:::::::*
Vendors & Products		Cisco ios Xr Cisco ncs 540-12z20g-sys-a Cisco ncs 540-12z20g-sys-d Cisco ncs 540-24q2c2dd-sys Cisco ncs 540-24q8l2dd-sys Cisco ncs 540-24z8q2c-sys Cisco ncs 540-28z4c-sys-a Cisco ncs 540-28z4c-sys-d Cisco ncs 540-6z14s-sys-d Cisco ncs 540-6z18g-sys-a Cisco ncs 540-6z18g-sys-d Cisco ncs 540-acc-sys Cisco ncs 540-fh-agg Cisco ncs 540-fh-csr-sys Cisco ncs 540x-12z16g-sys-a Cisco ncs 540x-12z16g-sys-d Cisco ncs 540x-16z4g8q2c-a Cisco ncs 540x-16z4g8q2c-d Cisco ncs 540x-16z8q2c-d Cisco ncs 540x-4z14g2q-a Cisco ncs 540x-4z14g2q-d Cisco ncs 540x-6z18g-sys-a Cisco ncs 540x-6z18g-sys-d Cisco ncs 540x-8z16g-sys-a Cisco ncs 540x-8z16g-sys-d Cisco ncs 540x-acc-sys Cisco ncs 5501 Cisco ncs 5501-se Cisco ncs 5502 Cisco ncs 5502-se Cisco ncs 5504 Cisco ncs 5508 Cisco ncs 5516 Cisco ncs 55a1-24h Cisco ncs 55a1-24q6h-s Cisco ncs 55a1-24q6h-ss Cisco ncs 55a1-36h Cisco ncs 55a1-36h-se Cisco ncs 55a1-48q6h Cisco ncs 55a2-mod-hd-s Cisco ncs 55a2-mod-s Cisco ncs 55a2-mod-se-s Cisco ncs 57b1-5dse-sys Cisco ncs 57b1-6d24-sys Cisco ncs 57c1-48q6-sys Cisco ncs 57c3-mod-sys Cisco ncs 57d2-18dd-sys

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00052}`	epss `{'score': 0.00059}`

Fri, 21 Mar 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 12 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.  This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.
Title		Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity
Weaknesses		CWE-770
References		https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY
Metrics		cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-03-12T16:12:15.494Z

Updated: 2025-03-21T20:35:20.642Z

Reserved: 2024-10-10T19:15:13.214Z

Link: CVE-2025-20141

Vulnrichment

Updated: 2025-03-21T20:35:14.973Z

NVD

Status : Analyzed

Published: 2025-03-12T16:15:21.420

Modified: 2025-08-06T17:05:07.530

Link: CVE-2025-20141

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object