Cisco IOS XR up to 24.4.15 Installation signature verification

Summaryinfo

A vulnerability, which was classified as problematic, was found in Cisco IOS XR. This issue affects some unknown processing of the component Installation Handler. The manipulation results in signature verification. This vulnerability is cataloged as CVE-2025-20248. The attack must be initiated from a local position. There is no exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic has been found in Cisco IOS XR. Affected is some unknown functionality of the component Installation Handler. The manipulation with an unknown input leads to a signature verification vulnerability. CWE is classifying the issue as CWE-347. The product does not verify, or incorrectly verifies, the cryptographic signature for data. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process.

The advisory is available at sec.cloudapps.cisco.com. This vulnerability is traded as CVE-2025-20248 since 10/10/2024. The exploitability is told to be easy. Local access is required to approach this attack. Additional levels of successful authentication are needed for exploitation. The technical details are unknown and an exploit is not available.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the databases at EUVD (EUVD-2025-27575) and CERT Bund (WID-SEC-2025-2032). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Affected

• Cisco IOS XR

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• IOS XR

Version

• 6.5.1
• 6.5.2
• 6.5.3
• 6.5.15
• 6.5.25
• 6.5.26
• 6.5.28
• 6.5.29
• 6.5.31
• 6.5.32
• 6.5.33
• 6.5.35
• 6.5.90
• 6.5.92
• 6.5.93
• 6.5.351
• 6.5.352
• 6.6.1
• 6.6.2
• 6.6.3
• 6.6.4
• 6.6.11
• 6.6.12
• 6.6.25
• 6.7.1
• 6.7.2
• 6.7.3
• 6.7.35
• 6.8.1
• 6.8.2
• 6.9.1
• 6.9.2
• 7.0.0
• 7.0.1
• 7.0.2
• 7.0.90
• 7.1.1
• 7.1.2
• 7.1.3
• 7.1.15
• 7.1.25
• 7.2.0
• 7.2.1
• 7.2.2
• 7.3.1
• 7.3.2
• 7.3.3
• 7.3.4
• 7.3.5
• 7.3.6
• 7.3.27
• 7.4.1
• 7.4.2
• 7.4.15
• 7.4.16
• 7.5.1
• 7.5.2
• 7.5.3
• 7.5.4
• 7.5.5
• 7.6.1
• 7.6.2
• 7.6.3
• 7.6.15
• 7.7.1
• 7.7.2
• 7.7.21
• 7.8.1
• 7.8.2
• 7.8.22
• 7.8.23
• 7.9.1
• 7.9.2
• 7.9.21
• 7.10.1
• 7.10.2
• 7.11.1
• 7.11.2
• 7.11.21
• 24.1.1
• 24.1.2
• 24.2.1
• 24.2.2
• 24.2.11
• 24.2.20
• 24.3.1
• 24.3.2
• 24.4.1
• 24.4.10
• 24.4.15

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion