CVE-2025-20209

HIGH EPSS 39.4%
Published Mar 12, 20251y ago · Modified Jun 17, 20262w ago
7.5 CVSS 3.1
High
Find Similar
Published Mar 12, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.  This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
39.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-770

Affected Products 44

VendorProductVersionRange
ciscoios_xr6.5.1any
ciscoios_xr6.5.2any
ciscoios_xr6.5.3any
ciscoios_xr6.6.1any
ciscoios_xr6.6.2any
ciscoios_xr6.6.3any
ciscoios_xr6.6.25any
ciscoios_xr7.0.0any
ciscoios_xr7.0.1any
ciscoios_xr7.0.2any
ciscoios_xr7.1.1any
ciscoios_xr7.1.2any
ciscoios_xr7.2.0any
ciscoios_xr7.2.1any
ciscoios_xr7.2.2any
ciscoios_xr7.3.1any
ciscoios_xr7.3.2any
ciscoios_xr7.3.27any
ciscoios_xr7.4.1any
ciscoios_xr7.4.2any
ciscoios_xr7.5.1any
ciscoios_xr7.5.2any
ciscoios_xr7.6.1any
ciscoios_xr7.6.2any
ciscoios_xr7.7.1any
ciscoios_xr7.7.2any
ciscoios_xr7.7.21any
ciscoios_xr7.8.1any
ciscoios_xr7.8.2any
ciscoios_xr7.8.22any
ciscoios_xr7.9.1any
ciscoios_xr7.9.2any
ciscoios_xr7.10.1any
ciscoios_xr7.10.2any
ciscoios_xr7.11.1any
ciscoios_xr7.11.2any
ciscoios_xr24.1.1any
ciscoios_xr24.1.2any
ciscoios_xr24.2.1any
ciscoios_xr24.2.11any
cisconcs_1004*any
cisconcs_1010*any
cisconcs_1014*any
cisconcs_540l*any

References 2

  • blog.apnic.net https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/
    Not Applicable
  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.