CVE-2025-20144

Summary

A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.

This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XR Software6.5.3affected
CiscoCisco IOS XR Software6.5.2affected
CiscoCisco IOS XR Software6.5.92affected
CiscoCisco IOS XR Software6.5.1affected
CiscoCisco IOS XR Software6.6.2affected
CiscoCisco IOS XR Software7.0.1affected
CiscoCisco IOS XR Software6.6.25affected
CiscoCisco IOS XR Software6.6.1affected
CiscoCisco IOS XR Software6.5.93affected
CiscoCisco IOS XR Software7.1.1affected
CiscoCisco IOS XR Software7.0.90affected
CiscoCisco IOS XR Software6.6.3affected
CiscoCisco IOS XR Software7.0.2affected
CiscoCisco IOS XR Software7.2.1affected
CiscoCisco IOS XR Software7.1.2affected
CiscoCisco IOS XR Software6.6.4affected
CiscoCisco IOS XR Software7.3.1affected
CiscoCisco IOS XR Software7.4.1affected
CiscoCisco IOS XR Software7.2.2affected
CiscoCisco IOS XR Software7.3.2affected
CiscoCisco IOS XR Software7.5.1affected
CiscoCisco IOS XR Software7.6.1affected
CiscoCisco IOS XR Software7.5.2affected
CiscoCisco IOS XR Software7.7.1affected
CiscoCisco IOS XR Software7.3.3affected
CiscoCisco IOS XR Software7.4.2affected
CiscoCisco IOS XR Software7.3.4affected
CiscoCisco IOS XR Software7.6.2affected
CiscoCisco IOS XR Software7.8.1affected
CiscoCisco IOS XR Software7.5.3affected
CiscoCisco IOS XR Software7.7.2affected
CiscoCisco IOS XR Software7.9.1affected
CiscoCisco IOS XR Software7.8.2affected
CiscoCisco IOS XR Software7.5.4affected
CiscoCisco IOS XR Software7.8.22affected
CiscoCisco IOS XR Software7.10.1affected
CiscoCisco IOS XR Software7.7.21affected
CiscoCisco IOS XR Software7.9.2affected
CiscoCisco IOS XR Software7.3.5affected
CiscoCisco IOS XR Software7.5.5affected
CiscoCisco IOS XR Software7.11.1affected
CiscoCisco IOS XR Software7.10.2affected
CiscoCisco IOS XR Software7.3.6affected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References