CVE-2025-20159

MEDIUM

Cisco IOS XR Software - Unauthenticated ACL Bypass for SSH, NetConf, and gRPC

Title source: llm

Description

A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device.

References (1)

Core 1

Core References

Various Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-acl-packetio-Swjhhbtz

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 9.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (50)

Cisco/Cisco IOS XR Software 24.1.1

Cisco/Cisco IOS XR Software 24.1.2

Cisco/Cisco IOS XR Software 24.2.1

Cisco/Cisco IOS XR Software 24.2.11

Cisco/Cisco IOS XR Software 24.2.2

Cisco/Cisco IOS XR Software 24.2.20

Cisco/Cisco IOS XR Software 24.2.21

Cisco/Cisco IOS XR Software 24.3.1

Cisco/Cisco IOS XR Software 24.3.2

Cisco/Cisco IOS XR Software 24.3.20

... and 40 more

Published Sep 10, 2025

Tracked Since Feb 18, 2026