CVE-2025-20248

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified)

Description: A flaw in the installation process of Cisco IOS XR Software may allow an authenticated, local attacker to bypass the image signature verification and load unsigned software on a device. The vulnerability stems from incomplete validation of files during the installation of an .iso file. An attacker could modify the contents of the .iso image and then install and activate it on the device, potentially loading an unsigned file as part of the image activation process. To exploit this, the attacker must have root-system privileges on the affected device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.