
CVE-2025-20177


A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.


Published: 2025-03-12T16:15:22.347

Last Modified: 2025-08-06T17:04:34.603

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 6.7 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-274

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | ios_xr | < 7.11.21 | Yes |
| Operating System | cisco | ios_xr | < 24.2.2 | Yes |
| Operating System | cisco | ios_xr | < 24.3.2 | Yes |
| Operating System | cisco | ios_xr | 24.4 | Yes |
| Hardware | cisco | 8011-4g24y4h-i | - | No |
| Hardware | cisco | 8101-32fh | - | No |
| Hardware | cisco | 8101-32fh-o | - | No |
| Hardware | cisco | 8101-32h-o | - | No |
| Hardware | cisco | 8102-28fh-dpu-o | - | No |
| Hardware | cisco | 8102-64h | - | No |
| Hardware | cisco | 8102-64h-o | - | No |
| Hardware | cisco | 8111-32eh-o | - | No |
| Hardware | cisco | 8122-64eh-o | - | No |
| Hardware | cisco | 8122-64ehf-o | - | No |
| Hardware | cisco | 8201 | - | No |
| Hardware | cisco | 8201-24h8fh | - | No |
| Hardware | cisco | 8201-32fh | - | No |
| Hardware | cisco | 8201-32fh-o | - | No |
| Hardware | cisco | 8202 | - | No |
| Hardware | cisco | 8202-32fh-m | - | No |
| Hardware | cisco | 8212-48fh-m | - | No |
| Hardware | cisco | 8404 | - | No |
| Hardware | cisco | 8501-sys-mt | - | No |
| Hardware | cisco | 8608 | - | No |
| Hardware | cisco | 8700 | - | No |
| Hardware | cisco | 8711-32fh-m | - | No |
| Hardware | cisco | 8712-mod-m | - | No |
| Hardware | cisco | 8804 | - | No |
| Hardware | cisco | 8808 | - | No |
| Hardware | cisco | 8812 | - | No |
| Hardware | cisco | 8818 | - | No |
| Hardware | cisco | ncs_1010 | - | No |
| Hardware | cisco | ncs_1014 | - | No |
| Hardware | cisco | ncs_540-12z20g-sys-a | - | No |
| Hardware | cisco | ncs_540-12z20g-sys-d | - | No |
| Hardware | cisco | ncs_540-24q2c2dd-sys | - | No |
| Hardware | cisco | ncs_540-24q8l2dd-sys | - | No |
| Hardware | cisco | ncs_540-24z8q2c-sys | - | No |
| Hardware | cisco | ncs_540-28z4c-sys-a | - | No |
| Hardware | cisco | ncs_540-28z4c-sys-d | - | No |
| Hardware | cisco | ncs_540-6z14s-sys-d | - | No |
| Hardware | cisco | ncs_540-6z18g-sys-a | - | No |
| Hardware | cisco | ncs_540-6z18g-sys-d | - | No |
| Hardware | cisco | ncs_540-acc-sys | - | No |
| Hardware | cisco | ncs_540-fh-agg | - | No |
| Hardware | cisco | ncs_540-fh-csr-sys | - | No |
| Hardware | cisco | ncs_540x-12z16g-sys-a | - | No |
| Hardware | cisco | ncs_540x-12z16g-sys-d | - | No |
| Hardware | cisco | ncs_540x-16z4g8q2c-a | - | No |
| Hardware | cisco | ncs_540x-16z4g8q2c-d | - | No |
| Hardware | cisco | ncs_540x-16z8q2c-d | - | No |
| Hardware | cisco | ncs_540x-4z14g2q-a | - | No |
| Hardware | cisco | ncs_540x-4z14g2q-d | - | No |
| Hardware | cisco | ncs_540x-6z18g-sys-a | - | No |
| Hardware | cisco | ncs_540x-6z18g-sys-d | - | No |
| Hardware | cisco | ncs_540x-8z16g-sys-a | - | No |
| Hardware | cisco | ncs_540x-8z16g-sys-d | - | No |
| Hardware | cisco | ncs_540x-acc-sys | - | No |
| Hardware | cisco | ncs_57b1-5dse-sys | - | No |
| Hardware | cisco | ncs_57b1-6d24-sys | - | No |
| Hardware | cisco | ncs_57c1-48q6-sys | - | No |
| Hardware | cisco | ncs_57c3-mod-sys | - | No |
| Hardware | cisco | ncs_57d2-18dd-sys | - | No |

References