Denial of Service Vulnerability in Cisco IOS XE Wireless Controller Software
CVE-2025-20202

7.4HIGH

Key Information:

Vendor

Cisco
Status
Cisco iOS Xe Software
Vendor
CVE Published:
7 May 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-20202?

A security loophole within Cisco IOS XE Wireless Controller Software poses a risk allowing unauthenticated adjacent attackers to disrupt service by causing a denial of service (DoS) condition. This issue arises from inadequate input validation of Cisco Discovery Protocol (CDP) neighbor reports processed by the wireless controller. An attacker can leverage this vulnerability by transmitting a specially crafted CDP packet to an access point (AP). If successful, this exploit may result in an unexpected reload of the wireless controller managing the AP, severely impacting the wireless network's availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco IOS XE Software 16.10.1

Cisco IOS XE Software 16.10.1a

Cisco IOS XE Software 16.10.1b

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.