23
Recently, Cisco has released updates to address multiple vulnerabilities in IOS XR, including one that could potentially bypass image signature verification. It is crucial for users to promptly install the latest updates to protect their devices from potential security threats.
Overview of Cisco IOS XR Vulnerabilities
Cisco has patched three vulnerabilities in the IOS XR network operating system through recent updates. Among these, two are classified as high-severity vulnerabilities, while the third is considered a medium-severity issue. Here is a brief overview of these vulnerabilities:
CVE-2025-20248 (high severity; CVSS 6.0): This vulnerability allowed an authenticated attacker to bypass image signature verification during the IOS XR installation process. The flaw stemmed from incomplete file validation, enabling the installation of unsigned software on the target device. Cisco addressed this by implementing additional file checks in .iso images to prevent unauthorized installations. Credit for discovering this vulnerability goes to an external researcher.
CVE-2025-20340 (high severity; CVSS 7.4): This vulnerability affected the Address Resolution Protocol (ARP) implementation in IOS XR, potentially leading to denial of service attacks. Exploiting this flaw required sending a high volume of ARP traffic to the management interface, causing device crashes. Cisco recommended upgrading to a patched software release to mitigate this vulnerability.
CVE-2025-20159 (medium severity; CVSS 5.3): This vulnerability impacted the management interface access control list (ACL) processing in IOS XR, allowing authenticated remote attackers to bypass configured ACLs for SSH, NetConf, and gRPC features. Cisco provided software updates and a detailed workaround to address this issue.
No Active Exploitation Reported
Cisco has identified the affected routers in the advisories and confirmed that no active exploitation attempts have been detected for any of the vulnerabilities. However, users of Cisco IOS XR are advised to review the advisories to determine if their devices are vulnerable and apply the necessary patches as a precaution.
We encourage you to share your thoughts in the comments section below.
Stay updated on this post category in real time by subscribing to receive notifications on your device.
