cvelistv5 - cve-2025-20137

CVE-2025-20137 (GCVE-0-2025-20137)

Vulnerability from cvelistv5 – Published: 2025-05-07 17:31 – Updated: 2025-05-07 19:45

Summary

A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control

Assigner

cisco

References

URL

	Vendor	Product	Version
	Cisco	IOS	Affected: 15.2(5a)E Affected: 15.2(5b)E Affected: 15.2(5c)E Affected: 15.2(6)E Affected: 15.2(6)E1 Affected: 15.2(6)E0c Affected: 15.2(6)E2 Affected: 15.2(7)E Affected: 15.2(6)E2b Affected: 15.2(7)E1 Affected: 15.2(7)E0a Affected: 15.2(7)E0s Affected: 15.2(6)E3 Affected: 15.2(7)E2 Affected: 15.2(7a)E0b Affected: 15.2(7)E3 Affected: 15.2(7)E1a Affected: 15.2(7b)E0b Affected: 15.2(7)E4 Affected: 15.2(7)E3k Affected: 15.2(8)E Affected: 15.2(8)E1 Affected: 15.2(7)E5 Affected: 15.2(7)E6 Affected: 15.2(8)E2 Affected: 15.2(7)E7 Affected: 15.2(8)E3 Affected: 15.2(7)E8 Affected: 15.2(8)E4 Affected: 15.2(7)E9 Affected: 15.2(8)E5 Affected: 15.2(8)E6 Affected: 15.2(7)E10 Affected: 15.2(7)E11 Affected: 15.2(7)E12

GHSA-X37R-WQWH-97QM

Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30

Details

This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.

Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.

Severity ?

4.7 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-20137"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-07T18:15:36Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.\n\n This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\n\n Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.",
  "id": "GHSA-x37r-wqwh-97qm",
  "modified": "2025-05-07T18:30:48Z",
  "published": "2025-05-07T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20137"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CISCO-SA-IPSGACL-PG6QFZK

Vulnerability from csaf_cisco - Published: 2025-05-07 16:00 - Updated: 2025-05-07 16:00

Summary

Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability

Notes

Summary

Vulnerable Products

At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco IOS Software and had both an IPv4 ACL and IP Source Guard configured on an interface: Catalyst 1000 Switches Catalyst 2960-L Series Switches For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. Determine the Device Configuration To determine whether a device has an IPv4 ACL configured on the same interface that is leveraging IP Source Guard, use the show running-config CLI command. Examine the contents under each interface to see if an IPv4 access-group has been configured along with IP Source Guard, which is enabled with the ip verify source command, as shown in the following example: Switch# show running-config . . <output omitted> . . interface GigabitEthernet1/0/11 switchport access vlan 200 ip access-group DropACL in ip verify source . . <output omitted> . . Switch# Note: For the IP Source Guard configuration to take effect, IP DHCP snooping must be enabled for the VLAN to which the IP Source Guard and IP access-group is applied. The following example shows DHCP enabled on VLAN 200: Switch#show ip dhcp snooping Switch DHCP snooping is enabled Switch DHCP gleaning is disabled DHCP snooping is configured on following VLANs: 200 DHCP snooping is operational on following VLANs: 200 . . . output omitted

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: IOS Software that is running on platforms not listed in the Vulnerable Products ["#vp"] section of this advisory IOS XE Software IOS XR Software Meraki products NX-OS Software

Details

Exploitation of this vulnerability could allow an attacker to bypass protections that are provided by an ACL that is applied on an affected device. The overall impact of exploitation is organization specific because it depends on the importance of the assets that the ACL was supposed to protect. Customers should evaluate how exploitation of this vulnerability would impact their network and proceed according to their own vulnerability-handling and remediation processes. Either the IPv4 ACL will be active or the dynamic generated ACL for IP Source Guard will be active, but not both at the same time. The programming depends on the order of the commands, and if there are changes in IP Source Guard the ACL would be updated and reflect the IP Source Guard ACL.

Workarounds

There is a workaround that addresses this vulnerability. Administrators should determine which ACL best suits their needs and then configure that single ACL type on the interface. While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Fixed Software

When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Fixed Releases Because this vulnerability affects an unsupported feature, Cisco does not plan to release fixed software.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

This vulnerability was found during the resolution of a Cisco TAC support case.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "This vulnerability was found during the resolution of a Cisco TAC support case."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\r\n\r\nNote: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.\r\n\r\nCisco has not released software updates that address this vulnerability. There are workarounds that address this vulnerability.\r\n\r\n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco IOS Software and had both an IPv4 ACL and IP Source Guard configured on an interface:\r\n\r\nCatalyst 1000 Switches\r\nCatalyst 2960-L Series Switches\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n\r\nDetermine the Device Configuration\r\n\r\nTo determine whether a device has an IPv4 ACL configured on the same interface that is leveraging IP Source Guard, use the show running-config CLI command. Examine the contents under each interface to see if an IPv4 access-group has been configured along with IP Source Guard, which is enabled with the ip verify source command, as shown in the following example:\r\n\r\n\r\nSwitch# show running-config\r\n.\r\n.\r\n\u003coutput omitted\u003e\r\n.\r\n.\r\ninterface GigabitEthernet1/0/11\r\nswitchport access vlan 200\r\nip access-group DropACL in\r\nip verify source\r\n.\r\n.\r\n\u003coutput omitted\u003e\r\n.\r\n.\r\nSwitch#\r\n\r\nNote:  For the IP Source Guard configuration to take effect, IP DHCP snooping must be enabled for the VLAN to which the IP Source Guard and IP access-group is applied. The following example shows DHCP enabled on VLAN 200:\r\n\r\n\r\nSwitch#show ip dhcp snooping\r\nSwitch DHCP snooping is enabled\r\nSwitch DHCP gleaning is disabled\r\nDHCP snooping is configured on following VLANs:\r\n200\r\nDHCP snooping is operational on following VLANs:\r\n200\r\n.\r\n.\r\n.\r\noutput omitted",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nIOS Software that is running on platforms not listed in the Vulnerable Products [\"#vp\"] section of this advisory\r\nIOS XE Software\r\nIOS XR Software\r\nMeraki products\r\nNX-OS Software",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "Exploitation of this vulnerability could allow an attacker to bypass protections that are provided by an ACL that is applied on an affected device. The overall impact of exploitation is organization specific because it depends on the importance of the assets that the ACL was supposed to protect. Customers should evaluate how exploitation of this vulnerability would impact their network and proceed according to their own vulnerability-handling and remediation processes.\r\n\r\nEither the IPv4 ACL will be active or the dynamic generated ACL for IP Source Guard will be active, but not both at the same time. The programming depends on the order of the commands, and if there are changes in IP Source Guard the ACL would be updated and reflect the IP Source Guard ACL.",
        "title": "Details"
      },
      {
        "category": "general",
        "text": "There is a workaround that addresses this vulnerability.\r\n\r\nAdministrators should determine which ACL best suits their needs and then configure that single ACL type on the interface.\r\n\r\nWhile this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "When considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n      Fixed Releases\r\nBecause this vulnerability affects an unsupported feature, Cisco does not plan to release fixed software.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "This vulnerability was found during the resolution of a Cisco TAC support case.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2025-05-07T16:00:00+00:00",
      "generator": {
        "date": "2025-05-07T16:00:48+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-ipsgacl-pg6qfZk",
      "initial_release_date": "2025-05-07T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2025-05-07T15:53:26+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "15.2(5a)E",
                    "product": {
                      "name": "15.2(5a)E",
                      "product_id": "CSAFPID-218995"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(5b)E",
                    "product": {
                      "name": "15.2(5b)E",
                      "product_id": "CSAFPID-220457"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(5c)E",
                    "product": {
                      "name": "15.2(5c)E",
                      "product_id": "CSAFPID-221137"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(6)E",
                    "product": {
                      "name": "15.2(6)E",
                      "product_id": "CSAFPID-227598"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(6)E1",
                    "product": {
                      "name": "15.2(6)E1",
                      "product_id": "CSAFPID-230592"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(6)E0c",
                    "product": {
                      "name": "15.2(6)E0c",
                      "product_id": "CSAFPID-231245"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(6)E2",
                    "product": {
                      "name": "15.2(6)E2",
                      "product_id": "CSAFPID-232007"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(6)E1a",
                    "product": {
                      "name": "15.2(6)E1a",
                      "product_id": "CSAFPID-238999"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(6)E1s",
                    "product": {
                      "name": "15.2(6)E1s",
                      "product_id": "CSAFPID-240186"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E",
                    "product": {
                      "name": "15.2(7)E",
                      "product_id": "CSAFPID-242313"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(6)E2b",
                    "product": {
                      "name": "15.2(6)E2b",
                      "product_id": "CSAFPID-250278"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E1",
                    "product": {
                      "name": "15.2(7)E1",
                      "product_id": "CSAFPID-254193"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E0a",
                    "product": {
                      "name": "15.2(7)E0a",
                      "product_id": "CSAFPID-259867"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E0s",
                    "product": {
                      "name": "15.2(7)E0s",
                      "product_id": "CSAFPID-262300"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(6)E3",
                    "product": {
                      "name": "15.2(6)E3",
                      "product_id": "CSAFPID-262684"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E2",
                    "product": {
                      "name": "15.2(7)E2",
                      "product_id": "CSAFPID-270096"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7a)E0b",
                    "product": {
                      "name": "15.2(7a)E0b",
                      "product_id": "CSAFPID-271140"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E3",
                    "product": {
                      "name": "15.2(7)E3",
                      "product_id": "CSAFPID-271631"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E1a",
                    "product": {
                      "name": "15.2(7)E1a",
                      "product_id": "CSAFPID-273573"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7b)E0b",
                    "product": {
                      "name": "15.2(7b)E0b",
                      "product_id": "CSAFPID-276903"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E4",
                    "product": {
                      "name": "15.2(7)E4",
                      "product_id": "CSAFPID-278803"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E3k",
                    "product": {
                      "name": "15.2(7)E3k",
                      "product_id": "CSAFPID-280771"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(8)E",
                    "product": {
                      "name": "15.2(8)E",
                      "product_id": "CSAFPID-280857"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(8)E1",
                    "product": {
                      "name": "15.2(8)E1",
                      "product_id": "CSAFPID-281581"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E5",
                    "product": {
                      "name": "15.2(7)E5",
                      "product_id": "CSAFPID-282112"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E6",
                    "product": {
                      "name": "15.2(7)E6",
                      "product_id": "CSAFPID-284159"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(8)E2",
                    "product": {
                      "name": "15.2(8)E2",
                      "product_id": "CSAFPID-284334"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E7",
                    "product": {
                      "name": "15.2(7)E7",
                      "product_id": "CSAFPID-286558"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(8)E3",
                    "product": {
                      "name": "15.2(8)E3",
                      "product_id": "CSAFPID-287123"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E8",
                    "product": {
                      "name": "15.2(7)E8",
                      "product_id": "CSAFPID-290581"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(8)E4",
                    "product": {
                      "name": "15.2(8)E4",
                      "product_id": "CSAFPID-290619"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E9",
                    "product": {
                      "name": "15.2(7)E9",
                      "product_id": "CSAFPID-295162"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(8)E5",
                    "product": {
                      "name": "15.2(8)E5",
                      "product_id": "CSAFPID-295426"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(8)E6",
                    "product": {
                      "name": "15.2(8)E6",
                      "product_id": "CSAFPID-300274"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E10",
                    "product": {
                      "name": "15.2(7)E10",
                      "product_id": "CSAFPID-300846"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E11",
                    "product": {
                      "name": "15.2(7)E11",
                      "product_id": "CSAFPID-301328"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E12",
                    "product": {
                      "name": "15.2(7)E12",
                      "product_id": "CSAFPID-302838"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(8)E8",
                    "product": {
                      "name": "15.2(8)E8",
                      "product_id": "CSAFPID-303032"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.2(7)E13",
                    "product": {
                      "name": "15.2(7)E13",
                      "product_id": "CSAFPID-303344"
                    }
                  }
                ],
                "category": "product_version",
                "name": "15.2E"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "12.2(6)I1",
                    "product": {
                      "name": "12.2(6)I1",
                      "product_id": "CSAFPID-243144"
                    }
                  }
                ],
                "category": "product_version",
                "name": "12.2I"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVR1",
                    "product": {
                      "name": "15.1(3)SVR1",
                      "product_id": "CSAFPID-277230"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVR2",
                    "product": {
                      "name": "15.1(3)SVR2",
                      "product_id": "CSAFPID-277253"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVR3",
                    "product": {
                      "name": "15.1(3)SVR3",
                      "product_id": "CSAFPID-279337"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVR10",
                    "product": {
                      "name": "15.1(3)SVR10",
                      "product_id": "CSAFPID-290618"
                    }
                  }
                ],
                "category": "product_version",
                "name": "15.1SVR"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVS",
                    "product": {
                      "name": "15.1(3)SVS",
                      "product_id": "CSAFPID-277232"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVS1",
                    "product": {
                      "name": "15.1(3)SVS1",
                      "product_id": "CSAFPID-279335"
                    }
                  }
                ],
                "category": "product_version",
                "name": "15.1SVS"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVT1",
                    "product": {
                      "name": "15.1(3)SVT1",
                      "product_id": "CSAFPID-280759"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVT2",
                    "product": {
                      "name": "15.1(3)SVT2",
                      "product_id": "CSAFPID-282026"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVT3",
                    "product": {
                      "name": "15.1(3)SVT3",
                      "product_id": "CSAFPID-284785"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVT4",
                    "product": {
                      "name": "15.1(3)SVT4",
                      "product_id": "CSAFPID-286399"
                    }
                  }
                ],
                "category": "product_version",
                "name": "15.1SVT"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVU1",
                    "product": {
                      "name": "15.1(3)SVU1",
                      "product_id": "CSAFPID-283833"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVU10",
                    "product": {
                      "name": "15.1(3)SVU10",
                      "product_id": "CSAFPID-284291"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVU2",
                    "product": {
                      "name": "15.1(3)SVU2",
                      "product_id": "CSAFPID-284566"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVU11",
                    "product": {
                      "name": "15.1(3)SVU11",
                      "product_id": "CSAFPID-286400"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVU20",
                    "product": {
                      "name": "15.1(3)SVU20",
                      "product_id": "CSAFPID-289270"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVU21",
                    "product": {
                      "name": "15.1(3)SVU21",
                      "product_id": "CSAFPID-290557"
                    }
                  }
                ],
                "category": "product_version",
                "name": "15.1SVU"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVV1",
                    "product": {
                      "name": "15.1(3)SVV1",
                      "product_id": "CSAFPID-284341"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVV2",
                    "product": {
                      "name": "15.1(3)SVV2",
                      "product_id": "CSAFPID-286029"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVV3",
                    "product": {
                      "name": "15.1(3)SVV3",
                      "product_id": "CSAFPID-286940"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVV4",
                    "product": {
                      "name": "15.1(3)SVV4",
                      "product_id": "CSAFPID-289371"
                    }
                  }
                ],
                "category": "product_version",
                "name": "15.1SVV"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVW",
                    "product": {
                      "name": "15.1(3)SVW",
                      "product_id": "CSAFPID-286451"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVW1",
                    "product": {
                      "name": "15.1(3)SVW1",
                      "product_id": "CSAFPID-286844"
                    }
                  }
                ],
                "category": "product_version",
                "name": "15.1SVW"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVX",
                    "product": {
                      "name": "15.1(3)SVX",
                      "product_id": "CSAFPID-286927"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "15.1(3)SVX1",
                    "product": {
                      "name": "15.1(3)SVX1",
                      "product_id": "CSAFPID-289301"
                    }
                  }
                ],
                "category": "product_version",
                "name": "15.1SVX"
              }
            ],
            "category": "product_family",
            "name": "IOS"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20137",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwm03838"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-218995",
          "CSAFPID-220457",
          "CSAFPID-221137",
          "CSAFPID-227598",
          "CSAFPID-230592",
          "CSAFPID-231245",
          "CSAFPID-232007",
          "CSAFPID-238999",
          "CSAFPID-240186",
          "CSAFPID-242313",
          "CSAFPID-243144",
          "CSAFPID-250278",
          "CSAFPID-254193",
          "CSAFPID-259867",
          "CSAFPID-262300",
          "CSAFPID-262684",
          "CSAFPID-270096",
          "CSAFPID-271140",
          "CSAFPID-271631",
          "CSAFPID-273573",
          "CSAFPID-276903",
          "CSAFPID-277230",
          "CSAFPID-277232",
          "CSAFPID-277253",
          "CSAFPID-278803",
          "CSAFPID-279335",
          "CSAFPID-279337",
          "CSAFPID-280759",
          "CSAFPID-280771",
          "CSAFPID-280857",
          "CSAFPID-281581",
          "CSAFPID-282026",
          "CSAFPID-282112",
          "CSAFPID-283833",
          "CSAFPID-284159",
          "CSAFPID-284291",
          "CSAFPID-284334",
          "CSAFPID-284341",
          "CSAFPID-284566",
          "CSAFPID-284785",
          "CSAFPID-286029",
          "CSAFPID-286399",
          "CSAFPID-286400",
          "CSAFPID-286451",
          "CSAFPID-286558",
          "CSAFPID-286844",
          "CSAFPID-286927",
          "CSAFPID-286940",
          "CSAFPID-287123",
          "CSAFPID-289270",
          "CSAFPID-289301",
          "CSAFPID-289371",
          "CSAFPID-290557",
          "CSAFPID-290581",
          "CSAFPID-290618",
          "CSAFPID-290619",
          "CSAFPID-295162",
          "CSAFPID-295426",
          "CSAFPID-300274",
          "CSAFPID-300846",
          "CSAFPID-301328",
          "CSAFPID-302838",
          "CSAFPID-303032",
          "CSAFPID-303344"
        ]
      },
      "release_date": "2025-05-07T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-218995",
            "CSAFPID-220457",
            "CSAFPID-221137",
            "CSAFPID-227598",
            "CSAFPID-230592",
            "CSAFPID-231245",
            "CSAFPID-232007",
            "CSAFPID-238999",
            "CSAFPID-240186",
            "CSAFPID-242313",
            "CSAFPID-243144",
            "CSAFPID-250278",
            "CSAFPID-254193",
            "CSAFPID-259867",
            "CSAFPID-262300",
            "CSAFPID-262684",
            "CSAFPID-270096",
            "CSAFPID-271140",
            "CSAFPID-271631",
            "CSAFPID-273573",
            "CSAFPID-276903",
            "CSAFPID-277230",
            "CSAFPID-277232",
            "CSAFPID-277253",
            "CSAFPID-278803",
            "CSAFPID-279335",
            "CSAFPID-279337",
            "CSAFPID-280759",
            "CSAFPID-280771",
            "CSAFPID-280857",
            "CSAFPID-281581",
            "CSAFPID-282026",
            "CSAFPID-282112",
            "CSAFPID-283833",
            "CSAFPID-284159",
            "CSAFPID-284291",
            "CSAFPID-284334",
            "CSAFPID-284341",
            "CSAFPID-284566",
            "CSAFPID-284785",
            "CSAFPID-286029",
            "CSAFPID-286399",
            "CSAFPID-286400",
            "CSAFPID-286451",
            "CSAFPID-286558",
            "CSAFPID-286844",
            "CSAFPID-286927",
            "CSAFPID-286940",
            "CSAFPID-287123",
            "CSAFPID-289270",
            "CSAFPID-289301",
            "CSAFPID-289371",
            "CSAFPID-290557",
            "CSAFPID-290581",
            "CSAFPID-290618",
            "CSAFPID-290619",
            "CSAFPID-295162",
            "CSAFPID-295426",
            "CSAFPID-300274",
            "CSAFPID-300846",
            "CSAFPID-301328",
            "CSAFPID-302838",
            "CSAFPID-303032",
            "CSAFPID-303344"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-218995",
            "CSAFPID-220457",
            "CSAFPID-221137",
            "CSAFPID-227598",
            "CSAFPID-230592",
            "CSAFPID-231245",
            "CSAFPID-232007",
            "CSAFPID-238999",
            "CSAFPID-240186",
            "CSAFPID-242313",
            "CSAFPID-243144",
            "CSAFPID-250278",
            "CSAFPID-254193",
            "CSAFPID-259867",
            "CSAFPID-262300",
            "CSAFPID-262684",
            "CSAFPID-270096",
            "CSAFPID-271140",
            "CSAFPID-271631",
            "CSAFPID-273573",
            "CSAFPID-276903",
            "CSAFPID-277230",
            "CSAFPID-277232",
            "CSAFPID-277253",
            "CSAFPID-278803",
            "CSAFPID-279335",
            "CSAFPID-279337",
            "CSAFPID-280759",
            "CSAFPID-280771",
            "CSAFPID-280857",
            "CSAFPID-281581",
            "CSAFPID-282026",
            "CSAFPID-282112",
            "CSAFPID-283833",
            "CSAFPID-284159",
            "CSAFPID-284291",
            "CSAFPID-284334",
            "CSAFPID-284341",
            "CSAFPID-284566",
            "CSAFPID-284785",
            "CSAFPID-286029",
            "CSAFPID-286399",
            "CSAFPID-286400",
            "CSAFPID-286451",
            "CSAFPID-286558",
            "CSAFPID-286844",
            "CSAFPID-286927",
            "CSAFPID-286940",
            "CSAFPID-287123",
            "CSAFPID-289270",
            "CSAFPID-289301",
            "CSAFPID-289371",
            "CSAFPID-290557",
            "CSAFPID-290581",
            "CSAFPID-290618",
            "CSAFPID-290619",
            "CSAFPID-295162",
            "CSAFPID-295426",
            "CSAFPID-300274",
            "CSAFPID-300846",
            "CSAFPID-301328",
            "CSAFPID-302838",
            "CSAFPID-303032",
            "CSAFPID-303344"
          ]
        }
      ],
      "title": "Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability"
    }
  ]
}

FKIE_CVE-2025-20137

Vulnerability from fkie_nvd - Published: 2025-05-07 18:15 - Updated: 2025-08-05 14:08

Severity ?

4.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios	15.2\(5a\)e
cisco	ios	15.2\(5b\)e
cisco	ios	15.2\(5c\)e
cisco	ios	15.2\(6\)e
cisco	ios	15.2\(6\)e0c
cisco	ios	15.2\(6\)e1
cisco	ios	15.2\(6\)e2
cisco	ios	15.2\(6\)e2b
cisco	ios	15.2\(6\)e3
cisco	ios	15.2\(7\)e
cisco	ios	15.2\(7\)e0a
cisco	ios	15.2\(7\)e0s
cisco	ios	15.2\(7\)e1
cisco	ios	15.2\(7\)e1a
cisco	ios	15.2\(7\)e2
cisco	ios	15.2\(7\)e3
cisco	ios	15.2\(7\)e3k
cisco	ios	15.2\(7\)e4
cisco	ios	15.2\(7\)e5
cisco	ios	15.2\(7\)e6
cisco	ios	15.2\(7\)e7
cisco	ios	15.2\(7\)e8
cisco	ios	15.2\(7\)e9
cisco	ios	15.2\(7\)e10
cisco	ios	15.2\(7\)e11
cisco	ios	15.2\(7\)e12
cisco	ios	15.2\(7a\)e0b
cisco	ios	15.2\(7b\)e0b
cisco	ios	15.2\(8\)e
cisco	ios	15.2\(8\)e1
cisco	ios	15.2\(8\)e2
cisco	ios	15.2\(8\)e3
cisco	ios	15.2\(8\)e4
cisco	ios	15.2\(8\)e5
cisco	ios	15.2\(8\)e6
cisco	catalyst_1000-16fp-2g-l	-
cisco	catalyst_1000-16p-2g-l	-
cisco	catalyst_1000-16t-2g-l	-
cisco	catalyst_1000-16t-e-2g-l	-
cisco	catalyst_1000-24fp-4g-l	-
cisco	catalyst_1000-24fp-4x-l	-
cisco	catalyst_1000-24p-4g-l	-
cisco	catalyst_1000-24p-4x-l	-
cisco	catalyst_1000-24pp-4g-l	-
cisco	catalyst_1000-24t-4g-l	-
cisco	catalyst_1000-24t-4x-l	-
cisco	catalyst_1000-48fp-4g-l	-
cisco	catalyst_1000-48fp-4x-l	-
cisco	catalyst_1000-48p-4g-l	-
cisco	catalyst_1000-48p-4x-l	-
cisco	catalyst_1000-48pp-4g-l	-
cisco	catalyst_1000-48t-4g-l	-
cisco	catalyst_1000-48t-4x-l	-
cisco	catalyst_1000-8fp-2g-l	-
cisco	catalyst_1000-8fp-e-2g-l	-
cisco	catalyst_1000-8p-2g-l	-
cisco	catalyst_1000-8p-e-2g-l	-
cisco	catalyst_1000-8t-2g-l	-
cisco	catalyst_1000-8t-e-2g-l	-
cisco	catalyst_1000fe-24p-4g-l	-
cisco	catalyst_1000fe-24t-4g-l	-
cisco	catalyst_1000fe-48p-4g-l	-
cisco	catalyst_1000fe-48t-4g-l	-
cisco	catalyst_2960l-16ps-ll	-
cisco	catalyst_2960l-16ts-ll	-
cisco	catalyst_2960l-24pq-ll	-
cisco	catalyst_2960l-24ps-ll	-
cisco	catalyst_2960l-24tq-ll	-
cisco	catalyst_2960l-24ts-ll	-
cisco	catalyst_2960l-48pq-ll	-
cisco	catalyst_2960l-48ps-ll	-
cisco	catalyst_2960l-48tq-ll	-
cisco	catalyst_2960l-48ts-ll	-
cisco	catalyst_2960l-8ps-ll	-
cisco	catalyst_2960l-8ts-ll	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5a\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A2EB46D-16E0-4C31-8634-C33D70B5381A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5b\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29B2E6F-ED6C-4568-9042-7A1BD96A9E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5c\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "7803B445-FE22-4D4B-9F3A-68EFE528195E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "199DCF1B-8A1E-47CC-87A6-64E6F21D8886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD05109E-1183-419D-96A1-9CD5EA5ECC3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C73A3A-4B84-476F-AC3C-81DCB527E29A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEE2C71-C401-43D1-86DC-725FE5FDF87E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2842F6-4CD5-457C-AC75-241A5AB9534B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABE0470-E94A-4CAF-865D-73E2607A0DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6437E689-A049-4D48-AB7A-49CA7EBDE8B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "110B699D-169E-4932-A480-6EBB90CAE94B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "4862C453-8BD7-4D53-B2D6-CE3E44A4915A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C4E1F4-AD64-418C-A308-85501E0F3EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "27EF41C6-A0D0-4149-BC5D-B31C4F5CC6D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57ED9CDC-FC03-4DA7-A791-CE61D0D8364D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F980EFA3-BB92-49D3-8D5F-2804BB44ABB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e3k:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D0AA7-E879-4303-AB2D-4FEF3574B60E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "345C9300-CAC2-4427-A6B4-8DBC72573E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64BFCF66-DE06-46DA-8F9D-60A446DC0F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BDF6ABA-F0A4-423F-9056-A57C6A074137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e7:*:*:*:*:*:*:*",
              "matchCriteriaId": "956FE25C-3CB8-4479-850D-719827123A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e8:*:*:*:*:*:*:*",
              "matchCriteriaId": "23ABB581-90EF-4F6C-9778-735932D2B08D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3FD874-5EDF-48E0-A5AC-415A620C1FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e10:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F396D6-9B6E-4E6A-B561-9822DB13C7AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e11:*:*:*:*:*:*:*",
              "matchCriteriaId": "21887E28-6DED-4E1D-BC96-FED6461B95F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FAD4038-60A1-43ED-98EA-534B42134FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7a\\)e0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "1374E243-4EC2-4A81-991C-B5705135CAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7b\\)e0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ECA6101-94BA-4209-8243-A56AF02963EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFF00927-80B0-4BE3-BF7C-E663A5E7763A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9795E31D-A642-4100-A980-CD49C291AB7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83C79479-27C6-4273-BC80-70395D609197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28ACC494-2B4B-4BCE-9275-B7B10CC69B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8BB9098-7C1D-4776-8B1F-EF4A0461CCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e5:*:*:*:*:*:*:*",
              "matchCriteriaId": "602A88C0-30D1-4B63-A8F7-EF1D35350897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3AE0C5-D071-44B4-B820-422296FDC259",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-16fp-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE31650-EA77-4AE9-85CD-CB6C1E1E0562",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-16p-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0DF028-9DE9-4BD9-ACDF-72D54E1898C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-16t-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9F0B2AE-113D-49FC-A4DB-2A7F35678BC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-16t-e-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC581974-585A-4204-8BB0-B0C56C04EA61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24fp-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8D14468-6577-4142-B312-70BE052BB62E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24fp-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "411965A9-9F29-49D6-A402-76F5AA430891",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24p-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8208BCD-7591-4A7E-B5D0-FC875FF51238",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24p-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6DA9249-EEFE-48D8-B94A-845A6C8C5EC0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24pp-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ECC7217-C2F5-4742-8559-4254FF649192",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24t-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF6F3CD-8D92-426D-923C-9282EECF440E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24t-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B9CA88-B777-40D3-9094-C321A9B68245",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48fp-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E73625-3AE9-4A57-A5C1-9F5CB30913E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48fp-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "359594EB-19B7-448C-901A-E0D7F6F49738",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48p-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07FB42D3-1876-4535-B969-4F7DCEB425C6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48p-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEAFC00-8B8A-4D2E-85D7-2366F0C76093",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48pp-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "946E34A8-F960-4878-80B7-A0FC6A50CB13",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48t-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "993C14D0-710B-4BE6-BC66-C35D071C0089",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48t-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C4B25-2244-4A6A-AF69-FFCCD6A693C6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8fp-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7981F467-B780-44CE-ACD3-175B0BEF1D79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8fp-e-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB0A67A-FDCC-4F6A-B1C8-DA26D7D11231",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8p-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24849156-10B7-4FF9-B825-EAD3BF864724",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8p-e-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A245CDAE-B426-4FC3-A35E-96E09C5E4607",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8t-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1456D7-700B-4833-B530-15CEF6FCA99D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8t-e-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2EE6830-7F52-4FCD-AA08-F3BDABE5E7E2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-24p-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA79F243-5BD0-40FB-ADAC-A7E92DA1B1FD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-24t-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70BFCEF9-B808-4CC8-BA50-E6F8CF83C238",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-48p-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2994E19-2B1E-445E-8C1B-6BAC67F28028",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-48t-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF8C04C-B259-408C-80B7-77BBF5606BCE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-16ps-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "923B1623-2A33-497B-9238-3F4699E8E4AA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-16ts-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "762B1BA4-69FC-4977-A0A8-9323660674A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24pq-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "343AD12E-387D-4494-9665-45384927C043",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24ps-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F249629F-1A5C-4C12-B956-552A2526A836",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24tq-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F7347D-C59F-4432-8706-A49732F691D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24ts-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9AF097-09D6-4388-85EA-5954BD40D6B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48pq-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7CB5149-90DE-4C56-B252-0BE74CB84B19",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48ps-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "949533D3-6500-49BA-BE55-42E1506D3DD6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48tq-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26876A8C-F6C9-4FBA-8085-DD9A042CF77D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48ts-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E5B561-02A2-4F79-8E28-E6A2B5C4F09D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-8ps-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBE7411-BD02-47A8-99BC-6B701B60A61B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-8ts-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96195B6B-C869-4DEF-AB5D-704B3D2FC76E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\r\n\r Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la programaci\u00f3n de la lista de control de acceso (ACL) del software Cisco IOS, que se ejecuta en los switches Cisco Catalyst 1000 y Cisco Catalyst 2960L, podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe al uso de una ACL IPv4 y una ACL din\u00e1mica de IP Source Guard en la misma interfaz, una configuraci\u00f3n no compatible. Un atacante podr\u00eda explotar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle omitir una ACL en el dispositivo afectado. Nota: La documentaci\u00f3n de Cisco se ha actualizado para reflejar que esta es una configuraci\u00f3n no compatible. Sin embargo, Cisco publica este aviso porque el dispositivo no impedir\u00e1 que un administrador configure ambas funciones en la misma interfaz. No hay planes para implementar la capacidad de configurar ambas funciones en la misma interfaz en los switches Cisco Catalyst 1000 o Catalyst 2960L."
    }
  ],
  "id": "CVE-2025-20137",
  "lastModified": "2025-08-05T14:08:32.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-07T18:15:36.473",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

CNVD-2025-15478

Vulnerability from cnvd - Published: 2025-07-11

Title

Cisco IOS访问控制错误漏洞（CNVD-2025-15478）

Description

Cisco IOS是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS存在访问控制错误漏洞，该漏洞源于访问控制列表配置不当，攻击者可利用该漏洞导致绕过ACL限制。

Severity

低

Patch Name

Cisco IOS访问控制错误漏洞（CNVD-2025-15478）的补丁

Patch Description

Cisco IOS是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS存在访问控制错误漏洞，该漏洞源于访问控制列表配置不当，攻击者可利用该漏洞导致绕过ACL限制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.cisco.com/c/en/us/support/index.html

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk

Impacted products

Name
Cisco Cisco IOS

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-20137",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-20137"
    }
  },
  "description": "Cisco IOS\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco IOS\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u914d\u7f6e\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7ed5\u8fc7ACL\u9650\u5236\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.cisco.com/c/en/us/support/index.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-15478",
  "openTime": "2025-07-11",
  "patchDescription": "Cisco IOS\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u914d\u7f6e\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7ed5\u8fc7ACL\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-15478\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Cisco IOS"
  },
  "referenceLink": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk",
  "serverity": "\u4f4e",
  "submitTime": "2025-05-14",
  "title": "Cisco IOS\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-15478\uff09"
}

NCSC-2025-0146

Vulnerability from csaf_ncscnl - Published: 2025-05-08 08:43 - Updated: 2025-05-08 08:43

Summary

Kwetsbaarheden verholpen in Cisco IOS XE Software

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Cisco heeft kwetsbaarheden verholpen in Cisco IOS XE Software.

Interpretaties

De kwetsbaarheden in Cisco IOS XE Software omvatten verschillende problemen, waaronder onvoldoende invoervalidatie en onjuist geheugenbeheer. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde aanvallers om Denial-of-Service (DoS) situaties te veroorzaken, ongeautoriseerde toegang te verkrijgen, en zelfs om configuraties te manipuleren. Kwetsbare systemen kunnen onverwacht opnieuw opstarten of kunnen worden blootgesteld aan ongeautoriseerde commando-injectie-aanvallen, wat de integriteit en beschikbaarheid van netwerken in gevaar kan brengen.

Oplossingen

Cisco heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-762

Mismatched Memory Management Routines

CWE-805

Buffer Access with Incorrect Length Value

CWE-347

Improper Verification of Cryptographic Signature

CWE-232

Improper Handling of Undefined Values

CWE-798

Use of Hard-coded Credentials

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-284

Improper Access Control

CWE-400

Uncontrolled Resource Consumption

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-787

Out-of-bounds Write

CWE-789

Memory Allocation with Excessive Size Value

CWE-20

Improper Input Validation

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Cisco heeft kwetsbaarheden verholpen in Cisco IOS XE Software.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden in Cisco IOS XE Software omvatten verschillende problemen, waaronder onvoldoende invoervalidatie en onjuist geheugenbeheer. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde aanvallers om Denial-of-Service (DoS) situaties te veroorzaken, ongeautoriseerde toegang te verkrijgen, en zelfs om configuraties te manipuleren. Kwetsbare systemen kunnen onverwacht opnieuw opstarten of kunnen worden blootgesteld aan ongeautoriseerde commando-injectie-aanvallen, wat de integriteit en beschikbaarheid van netwerken in gevaar kan brengen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Cisco heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Mismatched Memory Management Routines",
        "title": "CWE-762"
      },
      {
        "category": "general",
        "text": "Buffer Access with Incorrect Length Value",
        "title": "CWE-805"
      },
      {
        "category": "general",
        "text": "Improper Verification of Cryptographic Signature",
        "title": "CWE-347"
      },
      {
        "category": "general",
        "text": "Improper Handling of Undefined Values",
        "title": "CWE-232"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Credentials",
        "title": "CWE-798"
      },
      {
        "category": "general",
        "text": "Cross-Site Request Forgery (CSRF)",
        "title": "CWE-352"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn"
      },
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Cisco IOS XE Software",
    "tracking": {
      "current_release_date": "2025-05-08T08:43:57.415709Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0146",
      "initial_release_date": "2025-05-08T08:43:57.415709Z",
      "revision_history": [
        {
          "date": "2025-05-08T08:43:57.415709Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.1.3",
                "product": {
                  "name": "vers:cisco/16.1.3",
                  "product_id": "CSAFPID-2714930"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.10.3",
                "product": {
                  "name": "vers:cisco/16.10.3",
                  "product_id": "CSAFPID-2715313"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.11.2",
                "product": {
                  "name": "vers:cisco/16.11.2",
                  "product_id": "CSAFPID-2715043"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.12.9",
                "product": {
                  "name": "vers:cisco/16.12.9",
                  "product_id": "CSAFPID-2715520"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.10bs",
                "product": {
                  "name": "vers:cisco/3.16.10bs",
                  "product_id": "CSAFPID-2715459"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.10s",
                "product": {
                  "name": "vers:cisco/3.16.10s",
                  "product_id": "CSAFPID-2715039"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.2.2",
                "product": {
                  "name": "vers:cisco/16.2.2",
                  "product_id": "CSAFPID-2714932"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.3.11",
                "product": {
                  "name": "vers:cisco/16.3.11",
                  "product_id": "CSAFPID-2715445"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.4.3",
                "product": {
                  "name": "vers:cisco/16.4.3",
                  "product_id": "CSAFPID-2715031"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.5.3",
                "product": {
                  "name": "vers:cisco/16.5.3",
                  "product_id": "CSAFPID-2715164"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.6.10",
                "product": {
                  "name": "vers:cisco/16.6.10",
                  "product_id": "CSAFPID-2715478"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.7bs",
                "product": {
                  "name": "vers:cisco/3.16.7bs",
                  "product_id": "CSAFPID-2715170"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.7s",
                "product": {
                  "name": "vers:cisco/3.16.7s",
                  "product_id": "CSAFPID-2715017"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/16.8.3",
                "product": {
                  "name": "vers:cisco/16.8.3",
                  "product_id": "CSAFPID-2714865"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.9s",
                "product": {
                  "name": "vers:cisco/3.16.9s",
                  "product_id": "CSAFPID-2714842"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.10.9s",
                "product": {
                  "name": "vers:cisco/3.10.9s",
                  "product_id": "CSAFPID-2714989"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.11.9e",
                "product": {
                  "name": "vers:cisco/3.11.9e",
                  "product_id": "CSAFPID-2715536"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.12.4s",
                "product": {
                  "name": "vers:cisco/3.12.4s",
                  "product_id": "CSAFPID-2714784"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.13.9s",
                "product": {
                  "name": "vers:cisco/3.13.9s",
                  "product_id": "CSAFPID-2715032"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.14.4s",
                "product": {
                  "name": "vers:cisco/3.14.4s",
                  "product_id": "CSAFPID-2714746"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.15.4s",
                "product": {
                  "name": "vers:cisco/3.15.4s",
                  "product_id": "CSAFPID-2714941"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.2as",
                "product": {
                  "name": "vers:cisco/3.16.2as",
                  "product_id": "CSAFPID-2714791"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.2bs",
                "product": {
                  "name": "vers:cisco/3.16.2bs",
                  "product_id": "CSAFPID-2714942"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.2s",
                "product": {
                  "name": "vers:cisco/3.16.2s",
                  "product_id": "CSAFPID-2714788"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.3as",
                "product": {
                  "name": "vers:cisco/3.16.3as",
                  "product_id": "CSAFPID-2714943"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.3s",
                "product": {
                  "name": "vers:cisco/3.16.3s",
                  "product_id": "CSAFPID-2714798"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4s",
                "product": {
                  "name": "vers:cisco/3.16.4s",
                  "product_id": "CSAFPID-2714944"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4gs",
                "product": {
                  "name": "vers:cisco/3.16.4gs",
                  "product_id": "CSAFPID-2714974"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4es",
                "product": {
                  "name": "vers:cisco/3.16.4es",
                  "product_id": "CSAFPID-2714985"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4ds",
                "product": {
                  "name": "vers:cisco/3.16.4ds",
                  "product_id": "CSAFPID-2714983"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4cs",
                "product": {
                  "name": "vers:cisco/3.16.4cs",
                  "product_id": "CSAFPID-2714978"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4bs",
                "product": {
                  "name": "vers:cisco/3.16.4bs",
                  "product_id": "CSAFPID-2714971"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.4as",
                "product": {
                  "name": "vers:cisco/3.16.4as",
                  "product_id": "CSAFPID-2714967"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.5as",
                "product": {
                  "name": "vers:cisco/3.16.5as",
                  "product_id": "CSAFPID-2714992"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.5bs",
                "product": {
                  "name": "vers:cisco/3.16.5bs",
                  "product_id": "CSAFPID-2714996"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.5s",
                "product": {
                  "name": "vers:cisco/3.16.5s",
                  "product_id": "CSAFPID-2714975"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.6bs",
                "product": {
                  "name": "vers:cisco/3.16.6bs",
                  "product_id": "CSAFPID-2715025"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.6s",
                "product": {
                  "name": "vers:cisco/3.16.6s",
                  "product_id": "CSAFPID-2714987"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.7as",
                "product": {
                  "name": "vers:cisco/3.16.7as",
                  "product_id": "CSAFPID-2715168"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.8s",
                "product": {
                  "name": "vers:cisco/3.16.8s",
                  "product_id": "CSAFPID-2715178"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.1as",
                "product": {
                  "name": "vers:cisco/3.16.1as",
                  "product_id": "CSAFPID-2714787"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:cisco/3.16.1s",
                "product": {
                  "name": "vers:cisco/3.16.1s",
                  "product_id": "CSAFPID-2714773"
                }
              }
            ],
            "category": "product_name",
            "name": "Cisco IOS XE Software"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20137",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20137",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20137.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20137"
    },
    {
      "cve": "CVE-2025-20140",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20140",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20140.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20140"
    },
    {
      "cve": "CVE-2025-20154",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20154",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20154.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20154"
    },
    {
      "cve": "CVE-2025-20162",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20162",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20162.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20162"
    },
    {
      "cve": "CVE-2025-20181",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Verification of Cryptographic Signature",
          "title": "CWE-347"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20181",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20181.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20181"
    },
    {
      "cve": "CVE-2025-20182",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20182",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20182.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20182"
    },
    {
      "cve": "CVE-2025-20186",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20186",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20186.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20186"
    },
    {
      "cve": "CVE-2025-20188",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Credentials",
          "title": "CWE-798"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20188",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20188.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20188"
    },
    {
      "cve": "CVE-2025-20189",
      "cwe": {
        "id": "CWE-762",
        "name": "Mismatched Memory Management Routines"
      },
      "notes": [
        {
          "category": "other",
          "text": "Mismatched Memory Management Routines",
          "title": "CWE-762"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20189",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20189.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20189"
    },
    {
      "cve": "CVE-2025-20190",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20190",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20190.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20190"
    },
    {
      "cve": "CVE-2025-20192",
      "cwe": {
        "id": "CWE-232",
        "name": "Improper Handling of Undefined Values"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Undefined Values",
          "title": "CWE-232"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20192",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20192.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20192"
    },
    {
      "cve": "CVE-2025-20194",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        },
        {
          "category": "other",
          "text": "Cross-Site Request Forgery (CSRF)",
          "title": "CWE-352"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20194",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20194.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20194"
    },
    {
      "cve": "CVE-2025-20202",
      "cwe": {
        "id": "CWE-805",
        "name": "Buffer Access with Incorrect Length Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Access with Incorrect Length Value",
          "title": "CWE-805"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2714930",
          "CSAFPID-2715313",
          "CSAFPID-2715043",
          "CSAFPID-2715520",
          "CSAFPID-2715459",
          "CSAFPID-2715039",
          "CSAFPID-2714932",
          "CSAFPID-2715445",
          "CSAFPID-2715031",
          "CSAFPID-2715164",
          "CSAFPID-2715478",
          "CSAFPID-2715170",
          "CSAFPID-2715017",
          "CSAFPID-2714865",
          "CSAFPID-2714842",
          "CSAFPID-2714989",
          "CSAFPID-2715536",
          "CSAFPID-2714784",
          "CSAFPID-2715032",
          "CSAFPID-2714746",
          "CSAFPID-2714941",
          "CSAFPID-2714791",
          "CSAFPID-2714942",
          "CSAFPID-2714788",
          "CSAFPID-2714943",
          "CSAFPID-2714798",
          "CSAFPID-2714944",
          "CSAFPID-2714974",
          "CSAFPID-2714985",
          "CSAFPID-2714983",
          "CSAFPID-2714978",
          "CSAFPID-2714971",
          "CSAFPID-2714967",
          "CSAFPID-2714992",
          "CSAFPID-2714996",
          "CSAFPID-2714975",
          "CSAFPID-2715025",
          "CSAFPID-2714987",
          "CSAFPID-2715168",
          "CSAFPID-2715178",
          "CSAFPID-2714787",
          "CSAFPID-2714773"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20202",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20202.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2714930",
            "CSAFPID-2715313",
            "CSAFPID-2715043",
            "CSAFPID-2715520",
            "CSAFPID-2715459",
            "CSAFPID-2715039",
            "CSAFPID-2714932",
            "CSAFPID-2715445",
            "CSAFPID-2715031",
            "CSAFPID-2715164",
            "CSAFPID-2715478",
            "CSAFPID-2715170",
            "CSAFPID-2715017",
            "CSAFPID-2714865",
            "CSAFPID-2714842",
            "CSAFPID-2714989",
            "CSAFPID-2715536",
            "CSAFPID-2714784",
            "CSAFPID-2715032",
            "CSAFPID-2714746",
            "CSAFPID-2714941",
            "CSAFPID-2714791",
            "CSAFPID-2714942",
            "CSAFPID-2714788",
            "CSAFPID-2714943",
            "CSAFPID-2714798",
            "CSAFPID-2714944",
            "CSAFPID-2714974",
            "CSAFPID-2714985",
            "CSAFPID-2714983",
            "CSAFPID-2714978",
            "CSAFPID-2714971",
            "CSAFPID-2714967",
            "CSAFPID-2714992",
            "CSAFPID-2714996",
            "CSAFPID-2714975",
            "CSAFPID-2715025",
            "CSAFPID-2714987",
            "CSAFPID-2715168",
            "CSAFPID-2715178",
            "CSAFPID-2714787",
            "CSAFPID-2714773"
          ]
        }
      ],
      "title": "CVE-2025-20202"
    }
  ]
}

WID-SEC-W-2025-0972

Vulnerability from csaf_certbund - Published: 2025-05-07 22:00 - Updated: 2025-05-07 22:00

Summary

Cisco IOS-Software für Cisco Catalyst Switches: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das für Cisco Geräte wie z. B. Router und Switches eingesetzt wird. Catalyst ist der Markenname für eine Vielzahl von Netzwerk-Switches die von Cisco Systems verkauft werden.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Cisco IOS für Cisco Catalyst Switches ausnutzen, um Sicherheitsmaßnahmen zu umgehen und beliebigen Code auszuführen.

Betroffene Betriebssysteme

- CISCO Appliance - Hardware Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das f\u00fcr Cisco Ger\u00e4te wie z. B. Router und Switches eingesetzt wird.\r\nCatalyst ist der Markenname f\u00fcr eine Vielzahl von Netzwerk-Switches die von Cisco Systems verkauft werden.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Cisco IOS f\u00fcr Cisco Catalyst Switches ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- CISCO Appliance\n- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0972 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0972.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0972 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0972"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-ipsgacl-pg6qfZk vom 2025-05-07",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-c2960-3560-sboot-ZtqADrHq vom 2025-05-07",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq"
      }
    ],
    "source_lang": "en-US",
    "title": "Cisco IOS-Software f\u00fcr Cisco Catalyst Switches: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2025-05-07T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-08T09:59:16.909+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0972",
      "initial_release_date": "2025-05-07T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-07T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1000 Series Switches",
                "product": {
                  "name": "Cisco Catalyst 1000 Series Switches",
                  "product_id": "T043462",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:1000_series_switches"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2960L Series Switches",
                "product": {
                  "name": "Cisco Catalyst 2960L Series Switches",
                  "product_id": "T043463",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:2960l_series_switches"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2960X Series Switches",
                "product": {
                  "name": "Cisco Catalyst 2960X Series Switches",
                  "product_id": "T043464",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:2960x_series_switches"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2960XR Series Switches",
                "product": {
                  "name": "Cisco Catalyst 2960XR Series Switches",
                  "product_id": "T043465",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:2960xr_series_switches"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2960CX Series Switches",
                "product": {
                  "name": "Cisco Catalyst 2960CX Series Switches",
                  "product_id": "T043466",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:2960cx_series_switches"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3560CX Series Switches",
                "product": {
                  "name": "Cisco Catalyst 3560CX Series Switches",
                  "product_id": "T043467",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:catalyst:3560cx_series_switches"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Catalyst"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Software for Cisco Catalyst Switches",
                "product": {
                  "name": "Cisco IOS Software for Cisco Catalyst Switches",
                  "product_id": "T043461",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:cisco:ios:software_for_cisco_catalyst_switches"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "IOS"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20137",
      "product_status": {
        "known_affected": [
          "T043461",
          "T043462",
          "T043463"
        ]
      },
      "release_date": "2025-05-07T22:00:00.000+00:00",
      "title": "CVE-2025-20137"
    },
    {
      "cve": "CVE-2025-20181",
      "product_status": {
        "known_affected": [
          "T043465",
          "T043466",
          "T043467",
          "T043461",
          "T043464"
        ]
      },
      "release_date": "2025-05-07T22:00:00.000+00:00",
      "title": "CVE-2025-20181"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-20137 (GCVE-0-2025-20137)

GHSA-X37R-WQWH-97QM

CISCO-SA-IPSGACL-PG6QFZK

FKIE_CVE-2025-20137

CNVD-2025-15478

NCSC-2025-0146

WID-SEC-W-2025-0972

Tags

Sightings

Nomenclature