CVE-2025-20144

CVSS 3.1 Score 4 of 10 (medium)

Details

Published Mar 12, 2025
CWE ID 284

Summary

CVE-2025-20144 is a vulnerability affecting the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software. It allows unauthenticated, remote attackers to bypass configured ACLs. The vulnerability stems from the incorrect handling of packets when a specific configuration of the hybrid ACL exists. Attackers can exploit this flaw by sending malicious traffic to an affected device, potentially gaining unauthorized access. Cisco has issued software updates to address this vulnerability and offers workarounds as temporary solutions.
