PT-2025-37063 · Cisco · Cisco Ios Xr

Published

2025-09-10

Updated

2025-09-10

CVE-2025-20159

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified)

Description: A vulnerability in the management interface access control list (ACL) processing feature could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This issue exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device, potentially bypassing an ingress ACL applied on the management interface.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2025-11354

CVE-2025-20159

Affected Products

Cisco Ios Xr

PT-2025-37063 · Cisco · Cisco Ios Xr

CVE-2025-20159

Weakness Enumeration

Related Identifiers

Affected Products

References · 5