Access Control Vulnerability in Cisco Switches
CVE-2025-20137

4.7 MEDIUM

Key Information:

Vendor
Cisco
Status
Vendor
CVE Published:
7 May 2025

Badges

👾 Exploit Exists

Summary

A flaw in the access control list (ACL) programming of Cisco IOS Software could allow an unauthenticated remote attacker to bypass configured ACLs on Cisco Catalyst 1000 and 2960L Switches. The vulnerability exists when both an IPv4 ACL and the dynamic ACL of IP Source Guard are applied to the same interface, a combination Cisco considers an unsupported configuration. An attacker could exploit it by sending traffic through an affected device, and traffic that the configured ACL should have blocked may be forwarded instead. Cisco has updated its documentation to state that this configuration is unsupported, but the software does not yet prevent an administrator from enabling both features on the same interface.
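Since the advisory leaves it to administrators to avoid the unsupported combination, a configuration audit is the practical check. The following is an added example, not code from Cisco or from this page: it scans the text of a `show running-config` for interfaces that carry both an `ip access-group` ACL and IP Source Guard (`ip verify source`). The exact command syntax on these platforms and the sample configuration are assumptions constructed for the example.

```python
"""Flag interfaces that combine an IPv4 ACL with IP Source Guard,
the unsupported configuration behind CVE-2025-20137.

Assumptions: input is plain running-config text; the IPv4 ACL is bound
with `ip access-group <name> in|out` and IP Source Guard is enabled with
`ip verify source [...]` in interface configuration mode.
"""
import re
from typing import Dict, List

INTERFACE_RE = re.compile(r"^interface\s+(\S+)")
ACL_RE = re.compile(r"^\s+ip access-group\s+(\S+)\s+(in|out)\b")
IPSG_RE = re.compile(r"^\s+ip verify source\b")


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Group indented interface-mode lines under their interface name."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        match = INTERFACE_RE.match(line)
        if match:
            current = match.group(1)
            blocks[current] = []
        elif not line.startswith(" "):
            current = None  # '!' separators and other global commands end the block
        elif current is not None:
            blocks[current].append(line)
    return blocks


def find_unsupported_acl_ipsg(config: str) -> Dict[str, List[str]]:
    """Return {interface: [ACL names]} for interfaces that also enable IPSG."""
    findings: Dict[str, List[str]] = {}
    for name, lines in parse_interfaces(config).items():
        acls = [m.group(1) for m in map(ACL_RE.match, lines) if m]
        if acls and any(IPSG_RE.match(l) for l in lines):
            findings[name] = acls
    return findings


# Constructed sample: only Gi1/0/1 combines both features.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 ip access-group GUEST-IN in
 ip verify source
!
interface GigabitEthernet1/0/2
 ip verify source port-security
!
interface GigabitEthernet1/0/3
 ip access-group GUEST-IN in
!
"""

if __name__ == "__main__":
    for iface, acls in find_unsupported_acl_ipsg(SAMPLE_CONFIG).items():
        print(f"{iface}: ACL {acls} combined with IP Source Guard")
```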

Affected Version(s)

IOS 15.2(5a)E

IOS 15.2(5b)E

IOS 15.2(5c)E

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
