Access Control Vulnerability in Cisco Switches
CVE-2025-20137
CVSS 4.7 (Medium)
What is CVE-2025-20137?
A flaw in the access control list (ACL) programming of Cisco IOS Software could allow an unauthenticated, remote attacker to bypass configured ACLs on Cisco Catalyst 1000 and 2960L Switches. The vulnerability arises when both an IPv4 ACL and the dynamic ACL of IP Source Guard are applied to the same interface, a combination Cisco considers an unsupported configuration. An attacker could exploit it by sending traffic through an affected device; a successful exploit would let that traffic bypass the configured ACL, potentially gaining unauthorized access. Although Cisco has updated its documentation to state that this configuration is unsupported, the software currently does nothing to prevent administrators from applying both features to the same interface.
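Because the software does not reject the unsupported combination, the practical mitigation is a configuration audit. The following Python script is an added example, not code from the advisory or from Cisco: it parses a running-config in "show running-config" layout and reports every interface that carries both an IPv4 ACL and IP Source Guard. It assumes the standard IOS interface commands `ip access-group <acl> in|out` (IPv4 ACL) and `ip verify source` (IP Source Guard); the sample configuration is constructed for the demonstration and does not come from a real device.

```python
"""Audit a Cisco IOS running-config for the unsupported combination behind
CVE-2025-20137: an IPv4 ACL (ip access-group ...) and IP Source Guard
(ip verify source ...) applied to the same interface.

Assumptions (not stated in the advisory): the text is in 'show running-config'
layout, interface stanzas start at column 0 with 'interface ' and their
settings are indented by at least one space; a '!' or any other column-0
line ends the stanza.
"""
import re
from typing import Dict, List, Optional

# Constructed sample configuration for the demonstration (not a real device).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 description uplink
 ip access-group EDGE-IN in
!
interface GigabitEthernet1/0/2
 description access-port
 switchport mode access
 ip access-group EDGE-IN in
 ip verify source
!
interface GigabitEthernet1/0/3
 ip verify source port-security
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group MGMT in
!
"""

# IPv4 ACL applied to an interface, in either direction; group 1 is the ACL name.
ACL_RE = re.compile(r"^\s+ip access-group\s+(\S+)\s+(in|out)\b")
# IP Source Guard enabled on the interface (with or without port-security keyword).
IPSG_RE = re.compile(r"^\s+ip verify source\b")


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface_name: [indented lines of that stanza]}."""
    stanzas: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line)
        else:
            # '!' or any column-0 command ends the current interface stanza.
            current = None
    return stanzas


def find_acl_ipsg_overlap(config: str) -> Dict[str, str]:
    """Return {interface: acl_name} for every interface that has both an
    IPv4 ACL and IP Source Guard, i.e. the unsupported combination."""
    findings: Dict[str, str] = {}
    for name, lines in parse_interfaces(config).items():
        acl: Optional[str] = None
        ipsg = False
        for line in lines:
            m = ACL_RE.match(line)
            if m:
                acl = m.group(1)
            elif IPSG_RE.match(line):
                ipsg = True
        if acl is not None and ipsg:
            findings[name] = acl
    return findings


if __name__ == "__main__":
    for iface, acl in find_acl_ipsg_overlap(SAMPLE_CONFIG).items():
        print(f"{iface}: IPv4 ACL '{acl}' combined with IP Source Guard (unsupported)")
```

Run it against a saved `show running-config` from each Catalyst 1000 or 2960L; any interface it reports should have one of the two features removed until the affected IOS release is upgraded.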
Affected Version(s)
IOS 15.2(5a)E
IOS 15.2(5b)E
IOS 15.2(5c)E