Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20209

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.  This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Published

2025-03-12T16:15:22.507

Last Modified

2025-08-01T14:59:24.573

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xr	6.5.1	Yes
Operating System	cisco	ios_xr	6.5.2	Yes
Operating System	cisco	ios_xr	6.5.3	Yes
Operating System	cisco	ios_xr	6.6.1	Yes
Operating System	cisco	ios_xr	6.6.2	Yes
Operating System	cisco	ios_xr	6.6.3	Yes
Operating System	cisco	ios_xr	6.6.25	Yes
Operating System	cisco	ios_xr	7.0.0	Yes
Operating System	cisco	ios_xr	7.0.1	Yes
Operating System	cisco	ios_xr	7.0.2	Yes
Operating System	cisco	ios_xr	7.1.1	Yes
Operating System	cisco	ios_xr	7.1.2	Yes
Operating System	cisco	ios_xr	7.2.0	Yes
Operating System	cisco	ios_xr	7.2.1	Yes
Operating System	cisco	ios_xr	7.2.2	Yes
Operating System	cisco	ios_xr	7.3.1	Yes
Operating System	cisco	ios_xr	7.3.2	Yes
Operating System	cisco	ios_xr	7.3.27	Yes
Operating System	cisco	ios_xr	7.4.1	Yes
Operating System	cisco	ios_xr	7.4.2	Yes
Operating System	cisco	ios_xr	7.5.1	Yes
Operating System	cisco	ios_xr	7.5.2	Yes
Operating System	cisco	ios_xr	7.6.1	Yes
Operating System	cisco	ios_xr	7.6.2	Yes
Operating System	cisco	ios_xr	7.7.1	Yes
Operating System	cisco	ios_xr	7.7.2	Yes
Operating System	cisco	ios_xr	7.7.21	Yes
Operating System	cisco	ios_xr	7.8.1	Yes
Operating System	cisco	ios_xr	7.8.2	Yes
Operating System	cisco	ios_xr	7.8.22	Yes
Operating System	cisco	ios_xr	7.9.1	Yes
Operating System	cisco	ios_xr	7.9.2	Yes
Operating System	cisco	ios_xr	7.10.1	Yes
Operating System	cisco	ios_xr	7.10.2	Yes
Operating System	cisco	ios_xr	7.11.1	Yes
Operating System	cisco	ios_xr	7.11.2	Yes
Operating System	cisco	ios_xr	24.1.1	Yes
Operating System	cisco	ios_xr	24.1.2	Yes
Operating System	cisco	ios_xr	24.2.1	Yes
Operating System	cisco	ios_xr	24.2.11	Yes
Hardware	cisco	ncs_1004	-	No
Hardware	cisco	ncs_1010	-	No
Hardware	cisco	ncs_1014	-	No
Hardware	cisco	ncs_540l	-	No

References

https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/ Not Applicable ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq Vendor Advisory ([email protected])