Cisco IOS XR up to 25.1.2 access control

Summaryinfo

A vulnerability, which was classified as critical, has been found in Cisco IOS XR. This vulnerability affects unknown code. The manipulation leads to access control. This vulnerability is listed as CVE-2025-20159. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Cisco IOS XR. It has been rated as critical. This issue affects an unknown functionality. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device.

The advisory is shared at sec.cloudapps.cisco.com. The identification of this vulnerability is CVE-2025-20159 since 10/10/2024. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 09/12/2025). MITRE ATT&CK project uses the attack technique T1068 for this issue.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-2032). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Affected

• Cisco IOS XR

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• IOS XR

Version

• 6.5.1
• 6.5.2
• 6.5.3
• 6.6.1
• 6.6.2
• 6.6.3
• 6.6.4
• 6.6.11
• 6.6.12
• 6.6.25
• 7.0.1
• 7.0.2
• 7.0.11
• 7.0.12
• 7.0.14
• 7.0.90
• 7.1.1
• 7.1.2
• 7.2.1
• 7.2.2
• 7.2.12
• 7.3.1
• 7.3.2
• 7.3.3
• 7.3.4
• 7.3.5
• 7.3.6
• 7.3.15
• 7.3.16
• 7.3.27
• 7.4.1
• 7.4.2
• 7.4.15
• 7.4.16
• 7.5.1
• 7.5.2
• 7.5.3
• 7.5.4
• 7.5.5
• 7.5.12
• 7.5.52
• 7.6.1
• 7.6.2
• 7.6.15
• 7.7.1
• 7.7.2
• 7.7.21
• 7.8.1
• 7.8.2
• 7.8.12
• 7.8.22
• 7.9.1
• 7.9.2
• 7.10.1
• 7.10.2
• 7.11.1
• 7.11.2
• 7.11.21
• 24.1.1
• 24.1.2
• 24.2.1
• 24.2.2
• 24.2.11
• 24.2.20
• 24.2.21
• 24.3.1
• 24.3.2
• 24.3.20
• 24.3.30
• 24.4.1
• 24.4.2
• 24.4.30
• 25.1.1
• 25.1.2

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion