CVE-2025-20209

Summary

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. 

This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XR Software6.5.3affected
CiscoCisco IOS XR Software6.6.1affected
CiscoCisco IOS XR Software6.5.2affected
CiscoCisco IOS XR Software6.6.2affected
CiscoCisco IOS XR Software6.5.1affected
CiscoCisco IOS XR Software7.0.1affected
CiscoCisco IOS XR Software6.6.25affected
CiscoCisco IOS XR Software7.0.0affected
CiscoCisco IOS XR Software7.1.1affected
CiscoCisco IOS XR Software6.6.3affected
CiscoCisco IOS XR Software7.0.2affected
CiscoCisco IOS XR Software7.2.0affected
CiscoCisco IOS XR Software7.1.2affected
CiscoCisco IOS XR Software7.2.1affected
CiscoCisco IOS XR Software7.3.1affected
CiscoCisco IOS XR Software7.4.1affected
CiscoCisco IOS XR Software7.2.2affected
CiscoCisco IOS XR Software7.3.2affected
CiscoCisco IOS XR Software7.5.1affected
CiscoCisco IOS XR Software7.3.27affected
CiscoCisco IOS XR Software7.6.1affected
CiscoCisco IOS XR Software7.5.2affected
CiscoCisco IOS XR Software7.7.1affected
CiscoCisco IOS XR Software7.4.2affected
CiscoCisco IOS XR Software7.6.2affected
CiscoCisco IOS XR Software7.8.1affected
CiscoCisco IOS XR Software7.7.2affected
CiscoCisco IOS XR Software7.9.1affected
CiscoCisco IOS XR Software7.8.2affected
CiscoCisco IOS XR Software7.8.22affected
CiscoCisco IOS XR Software7.10.1affected
CiscoCisco IOS XR Software7.7.21affected
CiscoCisco IOS XR Software7.9.2affected
CiscoCisco IOS XR Software7.11.1affected
CiscoCisco IOS XR Software7.10.2affected
CiscoCisco IOS XR Software24.1.1affected
CiscoCisco IOS XR Software7.11.2affected
CiscoCisco IOS XR Software24.2.1affected
CiscoCisco IOS XR Software24.1.2affected
CiscoCisco IOS XR Software24.2.11affected

Weaknesses

  • CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References