Cisco has issued a safety advisory warning of a vulnerability in its IOS XR Software program that would enable attackers to launch denial-of-service (DoS) assaults.
The vulnerability, recognized as CVE-2025-20115, impacts the Border Gateway Protocol (BGP) confederation implementation.
The CVE-2025-20115 vulnerability impacts the Border Gateway Protocol (BGP) confederation implementation in Cisco IOS XR Software program, probably permitting an unauthenticated, distant attacker to trigger a denial-of-service (DoS) situation.
Overview of the vulnerability
This vulnerability arises from a reminiscence corruption problem that happens when a BGP replace comprises an AS_CONFED_SEQUENCE attribute with 255 or extra autonomous system numbers.
An attacker may exploit this vulnerability by sending crafted BGP replace messages or by configuring the community in such a means that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or extra.
To use the vulnerability, an attacker should both management a BGP confederation speaker throughout the similar autonomous system because the goal or engineer the community to fulfill this particular AS path size situation.
A profitable exploit can result in reminiscence corruption, probably inflicting the BGP course of to restart, which leads to a DoS situation and disrupts community operations.
The vulnerability has a CVSS rating of 8.6 primarily based on CVSS:3.1 and aligns with CWE-120, Buffer Copy with out Checking Measurement of Knowledge.
Affected Product
| Product | CVE | Advisory Hyperlink |
| Cisco IOS XR Software program | CVE-2025-20115 | Cisco Safety Advisory |
To use this vulnerability, an attacker should both management a BGP confederation speaker throughout the similar autonomous system because the goal or engineer the community in order that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or extra.
This highlights the danger of community design contributing to vulnerability.
Cisco has launched software program updates to handle this problem. Moreover, a workaround is offered by implementing a routing coverage to limit the BGP AS path size to 254 AS numbers or fewer.
Whereas this workaround has been examined and confirmed efficient, clients ought to consider its applicability and potential influence on their particular community surroundings.
This vulnerability underscores the significance of standard software program updates and community configuration critiques.
Prospects are suggested to seek the advice of with Cisco’s technical help for tailor-made recommendation and to make sure that any updates or workarounds are appropriate for his or her particular setup.
Are you from SOC/DFIR Groups? – Analyse Malware Incidents & get reside Entry with ANY.RUN -> Begin Now for Free.