CVE-2025-20145

MEDIUM

Cisco IOS XR - Unauthenticated Access Control List Bypass via Egress Packet Handling

Title source: llm

Description

A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

References (2)

Core 2

Core References

Technical Description

https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-modular-ACL-u5MEPXMm

Scores

CVSS v3 5.8

EPSS 0.0004

EPSS Percentile 10.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-264

Status published

Products (50)

cisco/ios_xr 6.5.1

cisco/ios_xr 6.5.2

cisco/ios_xr 6.5.3

cisco/ios_xr 6.5.92

cisco/ios_xr 6.5.93

cisco/ios_xr 6.6.1

cisco/ios_xr 6.6.2

cisco/ios_xr 6.6.3

cisco/ios_xr 6.6.4

cisco/ios_xr 6.6.25

... and 40 more

Published Mar 12, 2025

Tracked Since Feb 18, 2026