CVE-2025-20314

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A flaw in Cisco IOS XE Software may allow an attacker with level-15 privileges or physical access to a device to execute persistent code during boot and compromise the system’s trust mechanism. This is caused by insufficient validation of software packages. An attacker could exploit this by placing a specially crafted file in a specific location on the device, potentially gaining control of the underlying operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.