CVE-2025-20316

MEDIUM

Cisco IOS XE Software 17.7.1-17.9.6a - Unauthenticated Access Control Bypass via SVI Egress ACL

Title source: llm

Description

A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL on an affected device. This vulnerability is due to the flooding of traffic from an unlearned MAC address on a switch virtual interface (SVI) that has an egress ACL applied. An attacker could exploit this vulnerability by causing the VLAN to flush its MAC address table. This condition can also occur if the MAC address table is full. A successful exploit could allow the attacker to bypass an egress ACL on an affected device.

References (1)

Core 1

Core References

Various Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-acl-L4K7VXgD

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 9.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (27)

Cisco/Cisco IOS XE Software 17.10.1

Cisco/Cisco IOS XE Software 17.10.1b

Cisco/Cisco IOS XE Software 17.11.1

Cisco/Cisco IOS XE Software 17.12.1

Cisco/Cisco IOS XE Software 17.12.2

Cisco/Cisco IOS XE Software 17.12.3

Cisco/Cisco IOS XE Software 17.12.4

Cisco/Cisco IOS XE Software 17.12.5

Cisco/Cisco IOS XE Software 17.13.1

Cisco/Cisco IOS XE Software 17.14.1

... and 17 more

Published Sep 24, 2025

Tracked Since Feb 18, 2026