Denial of Service Vulnerability in Cisco IOS XR Software
CVE-2025-20115

8.6HIGH

Key Information:

Vendor
Cisco
Status
Cisco iOS Xr Software
Vendor
CVE Published:
12 March 2025

Badges

👾 Exploit Exists📰 News Worthy

Summary

A flaw in the handling of the Border Gateway Protocol (BGP) confederation implementation in Cisco IOS XR Software can lead to a denial of service condition. This vulnerability is triggered by memory corruption resulting from an AS_CONFED_SEQUENCE attribute that exceeds 255 autonomous system numbers. An unauthenticated remote attacker can exploit this condition by sending a specially crafted BGP update message, or through a network configuration that allows the AS_CONFED_SEQUENCE attribute to reach an excessive length. The exploitation can cause the BGP process to restart unexpectedly, disrupting network services. Control of a BGP confederation speaker within the same autonomous system is necessary for an attacker to carry out this exploit.

Affected Version(s)

Cisco IOS XR Software 6.5.3

Cisco IOS XR Software 6.5.29

Cisco IOS XR Software 6.5.1

News Articles

favicon imageBleepingComputer

Cisco IOS XR vulnerability lets attackers crash BGP on routers

Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message.

3 days ago

References

https://sec.cloudapps.cisco.com/security/center/content/C...
https://blog.apnic.net/2024/09/02/crafting-endless-as-pat...

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 📰

    First article discovered by BleepingComputer

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.