PT-2025-39303 · Cisco · Cisco Catalyst 9500X Series Switches+2
Published
2025-09-24
·
Updated
2025-09-25
·
CVE-2025-20316
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches (affected versions not specified)
Description
A flaw exists in the access control list (ACL) programming that could allow a remote attacker to bypass a configured ACL on an affected device. This is due to the flooding of traffic from an unlearned MAC address on a switch virtual interface (SVI) with an egress ACL applied. An attacker can exploit this by causing the VLAN to flush its MAC address table, or if the MAC address table is full. A successful exploit could allow an attacker to bypass an egress ACL.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Catalyst 9500X Series Switches
Cisco Catalyst 9600X Series Switches
Cisco Ios Xe