CVE-2025-20142

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers (affected versions not specified)

Description: A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This is due to the incorrect handling of malformed IPv4 packets received on line cards where the interface has either an IPv4 ACL or QoS policy applied. An attacker could exploit this by sending crafted IPv4 packets through an affected device, potentially causing network processor errors and resulting in a reset or shutdown of the network process.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.