CVE-2025-20146

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers (affected versions not specified)

Description: A vulnerability in the Layer 3 multicast feature could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This issue is due to the incorrect handling of malformed IPv4 multicast packets received on line cards with either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this by sending crafted IPv4 multicast packets through an affected device, potentially causing line card exceptions or a hard reset, and resulting in lost traffic over that line card while it reloads.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.