Denial of Service Vulnerability in Cisco Nexus Network Switches
CVE-2025-20262

5 MEDIUM

Key Information:

Vendor: Cisco

CVE Published: 27 August 2025

Badges

👾 Exploit Exists

What is CVE-2025-20262?

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 and 9000 Series Switches allows an authenticated, low-privileged, remote attacker to potentially trigger a crash of the PIM6 process. The cause is improper handling of ephemeral data queries. An attacker can exploit this weakness by sending a specially crafted query via NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. Exploitation may result in adjacency flaps and a denial of service condition affecting both the PIM6 and ephemeral query processes, leading to network instability.

Affected Version(s)

Cisco NX-OS Software 9.2(3)

Cisco NX-OS Software 9.2(2v)

Cisco NX-OS Software 9.2(1)

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
