Cisco NX-OS up to 10.5(2) Protocol Independent Multicast Version 6 null pointer dereference

Summaryinfo

A vulnerability was found in Cisco NX-OS. It has been rated as problematic. This affects an unknown part of the component Protocol Independent Multicast Version 6. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-20262. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Cisco NX-OS. It has been rated as problematic. This issue affects an unknown function of the component Protocol Independent Multicast Version 6. The manipulation with an unknown input leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability. The summary by CVE is:

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes.

It is possible to read the advisory at sec.cloudapps.cisco.com. The identification of this vulnerability is CVE-2025-20262 since 10/10/2024. The exploitation is known to be easy. The attack may be initiated remotely. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/29/2025).

Upgrading eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• NX-OS

Version

• 9.2(1)
• 9.2(2)
• 9.2(2t)
• 9.2(2v)
• 9.2(3)
• 9.2(3y)
• 9.2(4)
• 9.3(1)
• 9.3(1z)
• 9.3(2)
• 9.3(3)
• 9.3(4)
• 9.3(5)
• 9.3(5w)
• 9.3(6)
• 9.3(7)
• 9.3(7a)
• 9.3(7k)
• 9.3(8)
• 9.3(9)
• 9.3(10)
• 9.3(11)
• 9.3(12)
• 9.3(13)
• 9.3(14)
• 10.1(1)
• 10.1(2)
• 10.1(2t)
• 10.2(1)
• 10.2(1q)
• 10.2(2)
• 10.2(2a)
• 10.2(3)
• 10.2(3t)
• 10.2(3v)
• 10.2(4)
• 10.2(5)
• 10.2(6)
• 10.2(7)
• 10.2(8)
• 10.3(1)
• 10.3(2)
• 10.3(3)
• 10.3(3o)
• 10.3(3p)
• 10.3(3q)
• 10.3(3r)
• 10.3(3w)
• 10.3(3x)
• 10.3(4)
• 10.3(4a)
• 10.3(4g)
• 10.3(4h)
• 10.3(5)
• 10.3(6)
• 10.3(99w)
• 10.3(99x)
• 10.4(1)
• 10.4(2)
• 10.4(3)
• 10.4(4)
• 10.4(4g)
• 10.5(1)
• 10.5(2)

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion