CVE-2025-20221

Summary

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XE Software16.12.13affected
CiscoCisco IOS XE Software17.1.1affected
CiscoCisco IOS XE Software17.1.1saffected
CiscoCisco IOS XE Software17.1.1taffected
CiscoCisco IOS XE Software17.1.3affected
CiscoCisco IOS XE Software17.2.1affected
CiscoCisco IOS XE Software17.2.1raffected
CiscoCisco IOS XE Software17.2.1aaffected
CiscoCisco IOS XE Software17.2.1vaffected
CiscoCisco IOS XE Software17.2.2affected
CiscoCisco IOS XE Software17.2.3affected
CiscoCisco IOS XE Software17.3.1affected
CiscoCisco IOS XE Software17.3.2affected
CiscoCisco IOS XE Software17.3.3affected
CiscoCisco IOS XE Software17.3.1aaffected
CiscoCisco IOS XE Software17.3.2aaffected
CiscoCisco IOS XE Software17.3.4affected
CiscoCisco IOS XE Software17.3.5affected
CiscoCisco IOS XE Software17.3.4aaffected
CiscoCisco IOS XE Software17.3.6affected
CiscoCisco IOS XE Software17.3.7affected
CiscoCisco IOS XE Software17.3.8affected
CiscoCisco IOS XE Software17.3.8aaffected
CiscoCisco IOS XE Software17.4.1affected
CiscoCisco IOS XE Software17.4.2affected
CiscoCisco IOS XE Software17.4.1aaffected
CiscoCisco IOS XE Software17.4.1baffected
CiscoCisco IOS XE Software17.5.1affected
CiscoCisco IOS XE Software17.5.1aaffected
CiscoCisco IOS XE Software17.6.1affected
CiscoCisco IOS XE Software17.6.2affected
CiscoCisco IOS XE Software17.6.1aaffected
CiscoCisco IOS XE Software17.6.3affected
CiscoCisco IOS XE Software17.6.1yaffected
CiscoCisco IOS XE Software17.6.3aaffected
CiscoCisco IOS XE Software17.6.4affected
CiscoCisco IOS XE Software17.6.5affected
CiscoCisco IOS XE Software17.6.6affected
CiscoCisco IOS XE Software17.6.6aaffected
CiscoCisco IOS XE Software17.6.5aaffected
CiscoCisco IOS XE Software17.6.7affected
CiscoCisco IOS XE Software17.6.8affected
CiscoCisco IOS XE Software17.6.8aaffected
CiscoCisco IOS XE Software17.7.1affected
CiscoCisco IOS XE Software17.7.1aaffected
CiscoCisco IOS XE Software17.7.2affected
CiscoCisco IOS XE Software17.10.1affected
CiscoCisco IOS XE Software17.10.1aaffected
CiscoCisco IOS XE Software17.10.1baffected
CiscoCisco IOS XE Software17.8.1affected
CiscoCisco IOS XE Software17.8.1aaffected
CiscoCisco IOS XE Software17.9.1affected
CiscoCisco IOS XE Software17.9.2affected
CiscoCisco IOS XE Software17.9.1aaffected
CiscoCisco IOS XE Software17.9.3affected
CiscoCisco IOS XE Software17.9.2aaffected
CiscoCisco IOS XE Software17.9.3aaffected
CiscoCisco IOS XE Software17.9.4affected
CiscoCisco IOS XE Software17.9.5affected
CiscoCisco IOS XE Software17.9.4aaffected
CiscoCisco IOS XE Software17.9.5aaffected
CiscoCisco IOS XE Software17.9.5baffected
CiscoCisco IOS XE Software17.9.6affected
CiscoCisco IOS XE Software17.9.6aaffected
CiscoCisco IOS XE Software17.9.5eaffected
CiscoCisco IOS XE Software17.9.5faffected
CiscoCisco IOS XE Software17.11.1affected
CiscoCisco IOS XE Software17.11.1aaffected
CiscoCisco IOS XE Software17.12.1affected
CiscoCisco IOS XE Software17.12.1aaffected
CiscoCisco IOS XE Software17.12.2affected
CiscoCisco IOS XE Software17.12.3affected
CiscoCisco IOS XE Software17.12.4affected
CiscoCisco IOS XE Software17.12.3aaffected
CiscoCisco IOS XE Software17.12.1z2affected
CiscoCisco IOS XE Software17.12.4aaffected
CiscoCisco IOS XE Software17.12.4baffected
CiscoCisco IOS XE Software17.13.1affected
CiscoCisco IOS XE Software17.13.1aaffected
CiscoCisco IOS XE Software17.14.1affected
CiscoCisco IOS XE Software17.14.1aaffected
CiscoCisco IOS XE Software17.15.1affected
CiscoCisco IOS XE Software17.15.1aaffected
CiscoCisco IOS XE Software17.15.2affected
CiscoCisco IOS XE Software17.15.1xaffected
CiscoCisco IOS XE Software17.15.2caffected
CiscoCisco IOS XE Software17.15.2baffected
CiscoCisco IOS XE Software17.16.1affected
CiscoCisco IOS XE Software17.16.1aaffected

Weaknesses

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References