Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20137

A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.7, indicating it requires adjacent network access with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts limited integrity, for affected systems. Impacting 41 products from cisco, from cisco, from cisco and 38 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2025, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2025-05-07T18:15:36.473

Last Modified

2025-08-05T14:08:32.490

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-284
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco ios 15.2\(5a\)e Yes
Operating System cisco ios 15.2\(5b\)e Yes
Operating System cisco ios 15.2\(5c\)e Yes
Operating System cisco ios 15.2\(6\)e Yes
Operating System cisco ios 15.2\(6\)e0c Yes
Operating System cisco ios 15.2\(6\)e1 Yes
Operating System cisco ios 15.2\(6\)e2 Yes
Operating System cisco ios 15.2\(6\)e2b Yes
Operating System cisco ios 15.2\(6\)e3 Yes
Operating System cisco ios 15.2\(7\)e Yes
Operating System cisco ios 15.2\(7\)e0a Yes
Operating System cisco ios 15.2\(7\)e0s Yes
Operating System cisco ios 15.2\(7\)e1 Yes
Operating System cisco ios 15.2\(7\)e1a Yes
Operating System cisco ios 15.2\(7\)e2 Yes
Operating System cisco ios 15.2\(7\)e3 Yes
Operating System cisco ios 15.2\(7\)e3k Yes
Operating System cisco ios 15.2\(7\)e4 Yes
Operating System cisco ios 15.2\(7\)e5 Yes
Operating System cisco ios 15.2\(7\)e6 Yes
Operating System cisco ios 15.2\(7\)e7 Yes
Operating System cisco ios 15.2\(7\)e8 Yes
Operating System cisco ios 15.2\(7\)e9 Yes
Operating System cisco ios 15.2\(7\)e10 Yes
Operating System cisco ios 15.2\(7\)e11 Yes
Operating System cisco ios 15.2\(7\)e12 Yes
Operating System cisco ios 15.2\(7a\)e0b Yes
Operating System cisco ios 15.2\(7b\)e0b Yes
Operating System cisco ios 15.2\(8\)e Yes
Operating System cisco ios 15.2\(8\)e1 Yes
Operating System cisco ios 15.2\(8\)e2 Yes
Operating System cisco ios 15.2\(8\)e3 Yes
Operating System cisco ios 15.2\(8\)e4 Yes
Operating System cisco ios 15.2\(8\)e5 Yes
Operating System cisco ios 15.2\(8\)e6 Yes
Hardware cisco catalyst_1000-16fp-2g-l - No
Hardware cisco catalyst_1000-16p-2g-l - No
Hardware cisco catalyst_1000-16t-2g-l - No
Hardware cisco catalyst_1000-16t-e-2g-l - No
Hardware cisco catalyst_1000-24fp-4g-l - No
Hardware cisco catalyst_1000-24fp-4x-l - No
Hardware cisco catalyst_1000-24p-4g-l - No
Hardware cisco catalyst_1000-24p-4x-l - No
Hardware cisco catalyst_1000-24pp-4g-l - No
Hardware cisco catalyst_1000-24t-4g-l - No
Hardware cisco catalyst_1000-24t-4x-l - No
Hardware cisco catalyst_1000-48fp-4g-l - No
Hardware cisco catalyst_1000-48fp-4x-l - No
Hardware cisco catalyst_1000-48p-4g-l - No
Hardware cisco catalyst_1000-48p-4x-l - No
Hardware cisco catalyst_1000-48pp-4g-l - No
Hardware cisco catalyst_1000-48t-4g-l - No
Hardware cisco catalyst_1000-48t-4x-l - No
Hardware cisco catalyst_1000-8fp-2g-l - No
Hardware cisco catalyst_1000-8fp-e-2g-l - No
Hardware cisco catalyst_1000-8p-2g-l - No
Hardware cisco catalyst_1000-8p-e-2g-l - No
Hardware cisco catalyst_1000-8t-2g-l - No
Hardware cisco catalyst_1000-8t-e-2g-l - No
Hardware cisco catalyst_1000fe-24p-4g-l - No
Hardware cisco catalyst_1000fe-24t-4g-l - No
Hardware cisco catalyst_1000fe-48p-4g-l - No
Hardware cisco catalyst_1000fe-48t-4g-l - No
Hardware cisco catalyst_2960l-16ps-ll - No
Hardware cisco catalyst_2960l-16ts-ll - No
Hardware cisco catalyst_2960l-24pq-ll - No
Hardware cisco catalyst_2960l-24ps-ll - No
Hardware cisco catalyst_2960l-24tq-ll - No
Hardware cisco catalyst_2960l-24ts-ll - No
Hardware cisco catalyst_2960l-48pq-ll - No
Hardware cisco catalyst_2960l-48ps-ll - No
Hardware cisco catalyst_2960l-48tq-ll - No
Hardware cisco catalyst_2960l-48ts-ll - No
Hardware cisco catalyst_2960l-8ps-ll - No
Hardware cisco catalyst_2960l-8ts-ll - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.