CVE-2025-20327

HIGH

Cisco IOS Software - DoS

Title source: llm

Description

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

References (1)

[Various Sources] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-invalid-url-dos-Nvxszf6u

Scores

CVSS v3 7.7

EPSS 0.0017

EPSS Percentile 38.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1287

Status published

Products (29)

Cisco/IOS 15.2(6)E2

Cisco/IOS 15.2(6)E2a

Cisco/IOS 15.2(6)E2b

Cisco/IOS 15.2(6)E3

Cisco/IOS 15.2(7)E

Cisco/IOS 15.2(7)E0a

Cisco/IOS 15.2(7)E0b

Cisco/IOS 15.2(7)E0s

Cisco/IOS 15.2(7)E1

Cisco/IOS 15.2(7)E10

... and 19 more

Published Sep 24, 2025

Tracked Since Feb 18, 2026