CVE-2025-20154

Severity: High · CVSS 3.1: 8.6 · EPSS: 35.3%
Published May 7, 2025 · Last Modified Jun 17, 2026

Description

A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled.

This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Note: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows:

  • Security Impact Rating (SIR): Low
  • CVSS Base Score: 3.7
  • CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS Details

Base Score: 8.6
Exploitability: 3.9
Impact: 4.0
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 35.3% percentile
Exploit & Patch Status: No Known Exploit, No Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 94

Vendor  Product  Version  Range
cisco   ios      *        ≤15.9(3)m11
cisco   ios_xe   *        ≥16.6.1 – ≤17.2.3
cisco   ios_xr   6.5.1    any
cisco   ios_xr   6.5.2    any
cisco   ios_xr   6.5.3    any
cisco   ios_xr   6.5.15   any
cisco   ios_xr   6.5.25   any
cisco   ios_xr   6.5.26   any
cisco   ios_xr   6.5.28   any
cisco   ios_xr   6.5.29   any
cisco   ios_xr   6.5.31   any
cisco   ios_xr   6.5.32   any
cisco   ios_xr   6.5.33   any
cisco   ios_xr   6.5.35   any
cisco   ios_xr   6.5.90   any
cisco   ios_xr   6.5.92   any
cisco   ios_xr   6.5.93   any
cisco   ios_xr   6.6.1    any
cisco   ios_xr   6.6.2    any
cisco   ios_xr   6.6.3    any
cisco   ios_xr   6.6.4    any
cisco   ios_xr   6.6.11   any
cisco   ios_xr   6.6.12   any
cisco   ios_xr   6.6.25   any
cisco   ios_xr   6.7.1    any
cisco   ios_xr   6.7.2    any
cisco   ios_xr   6.7.3    any
cisco   ios_xr   6.7.4    any
cisco   ios_xr   6.7.35   any
cisco   ios_xr   6.8.1    any
cisco   ios_xr   6.8.2    any
cisco   ios_xr   6.9.1    any
cisco   ios_xr   6.9.2    any
cisco   ios_xr   7.0.0    any
cisco   ios_xr   7.0.1    any
cisco   ios_xr   7.0.2    any
cisco   ios_xr   7.0.11   any
cisco   ios_xr   7.0.12   any
cisco   ios_xr   7.0.14   any
cisco   ios_xr   7.0.90   any
cisco   ios_xr   7.1.1    any
cisco   ios_xr   7.1.2    any
cisco   ios_xr   7.1.3    any
cisco   ios_xr   7.1.15   any
cisco   ios_xr   7.1.25   any
cisco   ios_xr   7.2.0    any
cisco   ios_xr   7.2.1    any
cisco   ios_xr   7.2.2    any
cisco   ios_xr   7.2.12   any
cisco   ios_xr   7.3.1    any
cisco   ios_xr   7.3.2    any
cisco   ios_xr   7.3.3    any
cisco   ios_xr   7.3.4    any
cisco   ios_xr   7.3.5    any
cisco   ios_xr   7.3.6    any
cisco   ios_xr   7.3.15   any
cisco   ios_xr   7.3.16   any
cisco   ios_xr   7.3.27   any
cisco   ios_xr   7.4.1    any
cisco   ios_xr   7.4.2    any
cisco   ios_xr   7.4.15   any
cisco   ios_xr   7.4.16   any
cisco   ios_xr   7.5.1    any
cisco   ios_xr   7.5.2    any
cisco   ios_xr   7.5.3    any
cisco   ios_xr   7.5.4    any
cisco   ios_xr   7.5.5    any
cisco   ios_xr   7.5.12   any
cisco   ios_xr   7.6.1    any
cisco   ios_xr   7.6.2    any
cisco   ios_xr   7.6.3    any
cisco   ios_xr   7.6.15   any
cisco   ios_xr   7.7.1    any
cisco   ios_xr   7.7.2    any
cisco   ios_xr   7.7.21   any
cisco   ios_xr   7.8.1    any
cisco   ios_xr   7.8.2    any
cisco   ios_xr   7.8.22   any
cisco   ios_xr   7.8.23   any
cisco   ios_xr   7.9.1    any
cisco   ios_xr   7.9.2    any
cisco   ios_xr   7.9.21   any
cisco   ios_xr   7.10.1   any
cisco   ios_xr   7.10.2   any
cisco   ios_xr   7.11.1   any
cisco   ios_xr   7.11.2   any
cisco   ios_xr   7.11.21  any
cisco   ios_xr   24.1.1   any
cisco   ios_xr   24.1.2   any
cisco   ios_xr   24.2.1   any
cisco   ios_xr   24.2.2   any
cisco   ios_xr   24.2.11  any
cisco   ios_xr   24.2.20  any
cisco   ios_xr   24.3.1   any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.