Vulnerability in Cisco Catalyst Switches Allows Code Execution During Boot
CVE-2025-20181
6.8MEDIUM
Summary
A vulnerability exists in Cisco IOS Software for various Catalyst Switch models, allowing a local authenticated user or an unauthenticated individual with physical access to execute arbitrary code during the boot process. This vulnerability arises from inadequate signature verification for certain files, potentially enabling attackers to manipulate the boot sequence. By placing a crafted file in a designated location, an attacker can disrupt the security mechanisms of the device and execute persistent code, thereby undermining the integrity of the system's security features.
Affected Version(s)
IOS 15.0(1)XO1
IOS 15.0(1)XO
IOS 15.0(2)XO
References
CVSS V3.0
Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved