CVE-2025-20145

Summary

A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.

This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XR Software6.5.3affected
CiscoCisco IOS XR Software6.5.2affected
CiscoCisco IOS XR Software6.5.92affected
CiscoCisco IOS XR Software6.5.1affected
CiscoCisco IOS XR Software6.6.2affected
CiscoCisco IOS XR Software7.0.1affected
CiscoCisco IOS XR Software6.6.25affected
CiscoCisco IOS XR Software6.6.1affected
CiscoCisco IOS XR Software6.5.93affected
CiscoCisco IOS XR Software7.1.1affected
CiscoCisco IOS XR Software7.0.90affected
CiscoCisco IOS XR Software6.6.3affected
CiscoCisco IOS XR Software7.0.2affected
CiscoCisco IOS XR Software7.2.1affected
CiscoCisco IOS XR Software7.1.2affected
CiscoCisco IOS XR Software7.0.11affected
CiscoCisco IOS XR Software7.0.12affected
CiscoCisco IOS XR Software7.0.14affected
CiscoCisco IOS XR Software6.6.4affected
CiscoCisco IOS XR Software7.2.12affected
CiscoCisco IOS XR Software7.3.1affected
CiscoCisco IOS XR Software7.4.1affected
CiscoCisco IOS XR Software7.2.2affected
CiscoCisco IOS XR Software7.3.15affected
CiscoCisco IOS XR Software7.3.16affected
CiscoCisco IOS XR Software7.3.2affected
CiscoCisco IOS XR Software7.5.1affected
CiscoCisco IOS XR Software7.6.1affected
CiscoCisco IOS XR Software7.5.2affected
CiscoCisco IOS XR Software7.8.1affected
CiscoCisco IOS XR Software7.5.12affected
CiscoCisco IOS XR Software7.7.1affected
CiscoCisco IOS XR Software7.3.3affected
CiscoCisco IOS XR Software7.4.2affected
CiscoCisco IOS XR Software7.3.4affected
CiscoCisco IOS XR Software7.6.2affected
CiscoCisco IOS XR Software7.5.3affected
CiscoCisco IOS XR Software7.7.2affected
CiscoCisco IOS XR Software7.9.1affected
CiscoCisco IOS XR Software7.10.1affected
CiscoCisco IOS XR Software7.8.2affected
CiscoCisco IOS XR Software7.5.4affected
CiscoCisco IOS XR Software7.8.22affected
CiscoCisco IOS XR Software7.7.21affected
CiscoCisco IOS XR Software7.9.2affected
CiscoCisco IOS XR Software7.3.5affected
CiscoCisco IOS XR Software7.5.5affected
CiscoCisco IOS XR Software7.11.1affected
CiscoCisco IOS XR Software7.10.2affected
CiscoCisco IOS XR Software24.1.1affected
CiscoCisco IOS XR Software7.3.6affected
CiscoCisco IOS XR Software7.11.2affected
CiscoCisco IOS XR Software24.2.1affected
CiscoCisco IOS XR Software24.1.2affected
CiscoCisco IOS XR Software24.2.11affected
CiscoCisco IOS XR Software24.3.1affected
CiscoCisco IOS XR Software24.4.1affected
CiscoCisco IOS XR Software24.2.2affected
CiscoCisco IOS XR Software7.11.21affected
CiscoCisco IOS XR Software24.2.20affected
CiscoCisco IOS XR Software24.3.2affected

Weaknesses

  • CWE-264: Permissions, Privileges, and Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References