CVE-2025-20138

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software (affected versions not specified)

Description A vulnerability exists in the Command Line Interface (CLI) of Cisco IOS XR Software due to insufficient validation of user-supplied arguments passed to specific CLI commands. This allows an authenticated, local attacker with low privileges to execute arbitrary commands as root on the underlying operating system. Successful exploitation could lead to privilege escalation and complete system compromise.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.