CVE-2025-20209

CVE Database · CVE-2025-20209

CVE-2025-20209

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

0.51%

Published

Mar 12, 2025

Modified

Aug 1, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.  This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-770

Affected Products (44)

cisco · ios_xrvulnerable

cisco · ios_xr

References (2)

https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/

Not Applicable

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs