Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20115

A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.

Published

2025-03-12T16:15:21.090

Last Modified

2025-08-01T16:13:48.990

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

Weaknesses

Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xr	6.5.1	Yes
Operating System	cisco	ios_xr	6.5.2	Yes
Operating System	cisco	ios_xr	6.5.3	Yes
Operating System	cisco	ios_xr	6.5.15	Yes
Operating System	cisco	ios_xr	6.5.25	Yes
Operating System	cisco	ios_xr	6.5.26	Yes
Operating System	cisco	ios_xr	6.5.28	Yes
Operating System	cisco	ios_xr	6.5.29	Yes
Operating System	cisco	ios_xr	6.5.31	Yes
Operating System	cisco	ios_xr	6.5.32	Yes
Operating System	cisco	ios_xr	6.5.33	Yes
Operating System	cisco	ios_xr	6.5.35	Yes
Operating System	cisco	ios_xr	6.5.90	Yes
Operating System	cisco	ios_xr	6.5.92	Yes
Operating System	cisco	ios_xr	6.5.93	Yes
Operating System	cisco	ios_xr	6.6.1	Yes
Operating System	cisco	ios_xr	6.6.2	Yes
Operating System	cisco	ios_xr	6.6.3	Yes
Operating System	cisco	ios_xr	6.6.4	Yes
Operating System	cisco	ios_xr	6.6.11	Yes
Operating System	cisco	ios_xr	6.6.12	Yes
Operating System	cisco	ios_xr	6.6.25	Yes
Operating System	cisco	ios_xr	6.7.1	Yes
Operating System	cisco	ios_xr	6.7.2	Yes
Operating System	cisco	ios_xr	6.7.3	Yes
Operating System	cisco	ios_xr	6.7.4	Yes
Operating System	cisco	ios_xr	6.7.35	Yes
Operating System	cisco	ios_xr	6.8.1	Yes
Operating System	cisco	ios_xr	6.8.2	Yes
Operating System	cisco	ios_xr	6.9.1	Yes
Operating System	cisco	ios_xr	6.9.2	Yes
Operating System	cisco	ios_xr	7.0.0	Yes
Operating System	cisco	ios_xr	7.0.1	Yes
Operating System	cisco	ios_xr	7.0.2	Yes
Operating System	cisco	ios_xr	7.0.11	Yes
Operating System	cisco	ios_xr	7.0.12	Yes
Operating System	cisco	ios_xr	7.0.14	Yes
Operating System	cisco	ios_xr	7.0.90	Yes
Operating System	cisco	ios_xr	7.1.1	Yes
Operating System	cisco	ios_xr	7.1.2	Yes
Operating System	cisco	ios_xr	7.1.3	Yes
Operating System	cisco	ios_xr	7.1.15	Yes
Operating System	cisco	ios_xr	7.1.25	Yes
Operating System	cisco	ios_xr	7.2.0	Yes
Operating System	cisco	ios_xr	7.2.1	Yes
Operating System	cisco	ios_xr	7.2.2	Yes
Operating System	cisco	ios_xr	7.2.12	Yes
Operating System	cisco	ios_xr	7.3.1	Yes
Operating System	cisco	ios_xr	7.3.2	Yes
Operating System	cisco	ios_xr	7.3.3	Yes
Operating System	cisco	ios_xr	7.3.4	Yes
Operating System	cisco	ios_xr	7.3.5	Yes
Operating System	cisco	ios_xr	7.3.6	Yes
Operating System	cisco	ios_xr	7.3.15	Yes
Operating System	cisco	ios_xr	7.3.16	Yes
Operating System	cisco	ios_xr	7.3.27	Yes
Operating System	cisco	ios_xr	7.4.1	Yes
Operating System	cisco	ios_xr	7.4.2	Yes
Operating System	cisco	ios_xr	7.4.15	Yes
Operating System	cisco	ios_xr	7.4.16	Yes
Operating System	cisco	ios_xr	7.5.1	Yes
Operating System	cisco	ios_xr	7.5.2	Yes
Operating System	cisco	ios_xr	7.5.3	Yes
Operating System	cisco	ios_xr	7.5.4	Yes
Operating System	cisco	ios_xr	7.5.5	Yes
Operating System	cisco	ios_xr	7.5.12	Yes
Operating System	cisco	ios_xr	7.5.52	Yes
Operating System	cisco	ios_xr	7.6.1	Yes
Operating System	cisco	ios_xr	7.6.2	Yes
Operating System	cisco	ios_xr	7.6.3	Yes
Operating System	cisco	ios_xr	7.6.15	Yes
Operating System	cisco	ios_xr	7.7.1	Yes
Operating System	cisco	ios_xr	7.7.2	Yes
Operating System	cisco	ios_xr	7.7.21	Yes
Operating System	cisco	ios_xr	7.8.1	Yes
Operating System	cisco	ios_xr	7.8.2	Yes
Operating System	cisco	ios_xr	7.8.12	Yes
Operating System	cisco	ios_xr	7.8.22	Yes
Operating System	cisco	ios_xr	7.8.23	Yes
Operating System	cisco	ios_xr	7.9.1	Yes
Operating System	cisco	ios_xr	7.9.2	Yes
Operating System	cisco	ios_xr	7.9.21	Yes
Operating System	cisco	ios_xr	7.10.1	Yes
Operating System	cisco	ios_xr	7.10.2	Yes
Operating System	cisco	ios_xr	7.11.1	Yes
Operating System	cisco	ios_xr	7.11.2	Yes
Operating System	cisco	ios_xr	7.11.21	Yes
Operating System	cisco	ios_xr	24.1.1	Yes
Operating System	cisco	ios_xr	24.1.2	Yes
Operating System	cisco	ios_xr	24.2.1	Yes
Operating System	cisco	ios_xr	24.2.2	Yes
Operating System	cisco	ios_xr	24.2.11	Yes
Operating System	cisco	ios_xr	24.2.20	Yes

References

https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/ Third Party Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX Vendor Advisory ([email protected])