Denial of Service Vulnerability in Cisco IOS XE Wireless Controller Software
CVE-2025-20202

7.4 HIGH

Key Information:

Vendor: Cisco
CVE Published: 7 May 2025

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco IOS XE Wireless Controller Software allows an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The issue arises from inadequate input validation of Cisco Discovery Protocol (CDP) neighbor reports processed by the wireless controller. An attacker can exploit it by transmitting a specially crafted CDP packet to an access point (AP). A successful exploit may cause an unexpected reload of the wireless controller managing the AP, severely impacting the wireless network's availability.

Affected Version(s)

Cisco IOS XE Software 16.10.1

Cisco IOS XE Software 16.10.1a

Cisco IOS XE Software 16.10.1b

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
