PT-2025-11100 · Cisco · Cisco IOS XR

Published: 2024-09-02 · Updated: 2025-08-04 · CVE-2025-20144

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified)
Description: A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets could allow an unauthenticated, remote attacker to bypass a configured ACL. This issue is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this by sending traffic through an affected device, potentially allowing them to bypass a configured ACL.
Recommendations: For Cisco IOS XR Software, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider configuring the hybrid ACL to prevent incorrect handling of packets until a patch is available. Restrict access to the device to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2025-02697
CVE-2025-20144

Affected Products

Cisco IOS XR