CVE-2025-20191

Name of the Vulnerable Software and Affected Versions Cisco IOS Software (affected versions not specified) Cisco IOS XE Software (affected versions not specified) Cisco NX-OS Software (affected versions not specified) Cisco Wireless LAN Controller (WLC) AireOS Software (affected versions not specified)

Description A vulnerability in the Switch Integrated Security Features (SISF) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to the incorrect handling of DHCPv6 packets. An attacker could exploit this by sending a crafted DHCPv6 packet to an affected device, potentially causing the device to reload and resulting in a DoS condition.

Recommendations For Cisco IOS Software, update to a version that includes the fix for this issue. For Cisco IOS XE Software, update to a version that includes the fix for this issue. For Cisco NX-OS Software, update to a version that includes the fix for this issue. For Cisco Wireless LAN Controller (WLC) AireOS Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to DHCPv6 packets to minimize the risk of exploitation.