Cisco IOS XR up to 24.3.1 Boot Process insufficient privileges

Summaryinfo

A vulnerability classified as critical has been found in Cisco IOS XR. Affected by this vulnerability is an unknown functionality of the component Boot Process. The manipulation leads to insufficient privileges. This vulnerability is referenced as CVE-2025-20177. The attack can only be performed from a local environment. No exploit is available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Cisco IOS XR. This issue affects some unknown processing of the component Boot Process. The manipulation with an unknown input leads to a insufficient privileges vulnerability. Using CWE to declare the problem leads to CWE-274. The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

The advisory is shared at sec.cloudapps.cisco.com. The identification of this vulnerability is CVE-2025-20177 since 10/10/2024. The exploitation is known to be easy. An attack has to be approached locally. The exploitation requires an enhanced level of successful authentication. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/06/2025). MITRE ATT&CK project uses the attack technique T1068 for this issue.

Upgrading eliminates this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• IOS XR

Version

• 6.7.1
• 6.7.2
• 6.7.3
• 6.7.4
• 6.7.35
• 6.8.1
• 6.8.2
• 6.9.1
• 6.9.2
• 7.0.0
• 7.0.1
• 7.0.2
• 7.0.11
• 7.0.12
• 7.0.14
• 7.0.90
• 7.1.1
• 7.1.2
• 7.1.3
• 7.1.15
• 7.1.25
• 7.2.0
• 7.2.1
• 7.2.2
• 7.2.12
• 7.3.1
• 7.3.2
• 7.3.3
• 7.3.4
• 7.3.5
• 7.3.6
• 7.3.15
• 7.3.16
• 7.3.27
• 7.4.1
• 7.4.2
• 7.4.15
• 7.4.16
• 7.5.1
• 7.5.2
• 7.5.3
• 7.5.4
• 7.5.5
• 7.5.12
• 7.6.1
• 7.6.2
• 7.6.3
• 7.6.15
• 7.7.1
• 7.7.2
• 7.7.21
• 7.8.1
• 7.8.2
• 7.8.22
• 7.8.23
• 7.9.1
• 7.9.2
• 7.9.21
• 7.10.1
• 7.10.2
• 7.11.1
• 7.11.2
• 24.1.1
• 24.1.2
• 24.2.1
• 24.2.11
• 24.3.1

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion