CVE-2025-20313

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The software contains flaws that could allow an authenticated local attacker with level-15 privileges, or an unauthenticated attacker with physical access to the device, to execute persistent code at boot time and compromise the chain of trust. These issues stem from path traversal and improper image integrity validation, potentially enabling an attacker to execute persistent code on the underlying operating system. Cisco has assessed the security impact as High.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.