Vulnerability in Cisco IOS XR Software Allows Unauthorized Software Loading
CVE-2025-20143
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated user with elevated privileges to bypass the Secure Boot mechanism and load unverified software onto an affected device. The issue stems from insufficient verification of modules during the software load process. An attacker could exploit this flaw to manipulate binaries and bypass some of the integrity checks enforced during boot. Successful exploitation could give the attacker control of the boot configuration, which could let them run images that are not Cisco-signed or alter the security characteristics of the operating system. Cisco has released software updates that address this vulnerability; there are no workarounds.
Affected Version(s)
Cisco IOS XR Software 6.5.3
Cisco IOS XR Software 6.5.2
Cisco IOS XR Software 6.5.92
Timeline
Exploit known to exist
Vulnerability published
Vulnerability Reserved