CVE-2025-20340

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified)

Description: A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a broadcast storm, leading to a denial of service (DoS) condition on an affected device. This issue is due to how Cisco IOS XR Software processes a high, sustained rate of ARP traffic hitting the management interface. An attacker could exploit this vulnerability by sending an excessive amount of traffic to the management interface, overwhelming its ARP processing capabilities. A successful exploit could result in degraded device performance, loss of management connectivity, and complete unresponsiveness of the system, leading to a DoS condition.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.