PT-2025-20268 · Cisco · Cisco Ios Xe+2
Michael Deviveiros
·
Published
2025-05-07
·
Updated
2025-07-11
·
CVE-2025-20196
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Cisco IOS Software and Cisco IOS XE Software (affected versions not specified)
Description
A vulnerability in the Cisco IOx application hosting environment could allow an unauthenticated, remote attacker to cause the environment to stop responding, resulting in a denial of service (DoS) condition. This is due to the improper handling of HTTP requests. An attacker could exploit this by sending crafted HTTP requests to an affected device, causing the environment to stop responding. The IOx process will need to be manually restarted to recover services.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Ios
Cisco Ios Xe
Cisco Iox