Denial of Service Vulnerability in Cisco IOS XE Software's IKEv1 Implementation
CVE-2025-20192

7.7HIGH

Key Information:

Vendor
Cisco
Status
Cisco iOS Xe Software
Vendor
CVE Published:
7 May 2025

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software, which could be exploited by an authenticated, remote attacker to induce a denial of service (DoS) condition. This issue is attributed to improper validation of IKEv1 phase 2 parameters before the IPsec security association creation request is forwarded to the hardware cryptographic accelerator. An attacker with valid IKEv1 VPN credentials may exploit this vulnerability by sending specially crafted IKEv1 messages, potentially resulting in the affected device reloading and disrupting services.

Affected Version(s)

Cisco IOS XE Software 3.13.0S

Cisco IOS XE Software 3.13.1S

Cisco IOS XE Software 3.13.2S

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-20192 : Denial of Service Vulnerability in Cisco IOS XE Software's IKEv1 Implementation | SecurityVulnerability.io