CVE-2025-20115

HIGH EPSS 55.8%
Published Mar 12, 20251y ago · Modified Jun 17, 20261w ago
8.6 CVSS 3.1
High
Find Similar
Published Mar 12, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.

CVSS Details

Base Score
8.6
Exploitability
3.9
Impact
4.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
55.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-120

Affected Products 93

VendorProductVersionRange
ciscoios_xr6.5.1any
ciscoios_xr6.5.2any
ciscoios_xr6.5.3any
ciscoios_xr6.5.15any
ciscoios_xr6.5.25any
ciscoios_xr6.5.26any
ciscoios_xr6.5.28any
ciscoios_xr6.5.29any
ciscoios_xr6.5.31any
ciscoios_xr6.5.32any
ciscoios_xr6.5.33any
ciscoios_xr6.5.35any
ciscoios_xr6.5.90any
ciscoios_xr6.5.92any
ciscoios_xr6.5.93any
ciscoios_xr6.6.1any
ciscoios_xr6.6.2any
ciscoios_xr6.6.3any
ciscoios_xr6.6.4any
ciscoios_xr6.6.11any
ciscoios_xr6.6.12any
ciscoios_xr6.6.25any
ciscoios_xr6.7.1any
ciscoios_xr6.7.2any
ciscoios_xr6.7.3any
ciscoios_xr6.7.4any
ciscoios_xr6.7.35any
ciscoios_xr6.8.1any
ciscoios_xr6.8.2any
ciscoios_xr6.9.1any
ciscoios_xr6.9.2any
ciscoios_xr7.0.0any
ciscoios_xr7.0.1any
ciscoios_xr7.0.2any
ciscoios_xr7.0.11any
ciscoios_xr7.0.12any
ciscoios_xr7.0.14any
ciscoios_xr7.0.90any
ciscoios_xr7.1.1any
ciscoios_xr7.1.2any
ciscoios_xr7.1.3any
ciscoios_xr7.1.15any
ciscoios_xr7.1.25any
ciscoios_xr7.2.0any
ciscoios_xr7.2.1any
ciscoios_xr7.2.2any
ciscoios_xr7.2.12any
ciscoios_xr7.3.1any
ciscoios_xr7.3.2any
ciscoios_xr7.3.3any
ciscoios_xr7.3.4any
ciscoios_xr7.3.5any
ciscoios_xr7.3.6any
ciscoios_xr7.3.15any
ciscoios_xr7.3.16any
ciscoios_xr7.3.27any
ciscoios_xr7.4.1any
ciscoios_xr7.4.2any
ciscoios_xr7.4.15any
ciscoios_xr7.4.16any
ciscoios_xr7.5.1any
ciscoios_xr7.5.2any
ciscoios_xr7.5.3any
ciscoios_xr7.5.4any
ciscoios_xr7.5.5any
ciscoios_xr7.5.12any
ciscoios_xr7.5.52any
ciscoios_xr7.6.1any
ciscoios_xr7.6.2any
ciscoios_xr7.6.3any
ciscoios_xr7.6.15any
ciscoios_xr7.7.1any
ciscoios_xr7.7.2any
ciscoios_xr7.7.21any
ciscoios_xr7.8.1any
ciscoios_xr7.8.2any
ciscoios_xr7.8.12any
ciscoios_xr7.8.22any
ciscoios_xr7.8.23any
ciscoios_xr7.9.1any
ciscoios_xr7.9.2any
ciscoios_xr7.9.21any
ciscoios_xr7.10.1any
ciscoios_xr7.10.2any
ciscoios_xr7.11.1any
ciscoios_xr7.11.2any
ciscoios_xr7.11.21any
ciscoios_xr24.1.1any
ciscoios_xr24.1.2any
ciscoios_xr24.2.1any
ciscoios_xr24.2.2any
ciscoios_xr24.2.11any
ciscoios_xr24.2.20any

References 2

  • blog.apnic.net https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/
    Third Party Advisory
  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.