CVE-2025-20241

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches

Description A vulnerability exists in the Intermediate System-to-Intermediate System (IS-IS) feature. An unauthenticated, adjacent attacker could exploit this issue by sending a crafted IS-IS packet, causing the IS-IS process to unexpectedly restart and potentially leading to a denial of service (DoS) condition and device reload. The vulnerability is due to insufficient input validation when parsing an incoming IS-IS packet. The IS-IS protocol is a routing protocol, and an attacker must be Layer 2-adjacent to the affected device to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.