SB2025031278 - Secure boot bypass in Cisco IOS XR

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2025-20143)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to bypass security boot protections.

The vulnerability exists due to improper cryptographic signature verification of modules in the software load process. A local user can bypass some of the integrity checks that are performed during the booting process and compromise the affected system.

This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IOS XR Software, regardless of device configuration:

• ASR 9000 Series Aggregation Services Routers (64-bit)
• IOS XRv 9000 Routers
• Network Convergence System (NCS) 540 Series Routers that are running an NCS540-iosxr base image
• NCS 560 Series Routers
• NCS 1000 Series
• NCS 5000 Series Routers
• NCS 5500 Series Routers

Remediation

Install update from vendor's website.

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-lkm-zNErZjbZ
• https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx66790
• https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx66852