#VU105678 Improper Verification of Cryptographic Signature in Cisco IOS XR - CVE-2025-20143

 


Published: March 12, 2025


Vulnerability identifier: #VU105678
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-20143
CWE-ID: CWE-347
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Cisco IOS XR
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to bypass secure boot protections.

The vulnerability exists due to improper cryptographic signature verification of modules in the software load process. A local user can bypass some of the integrity checks that are performed during the booting process and compromise the affected system.

This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IOS XR Software, regardless of device configuration:

  • ASR 9000 Series Aggregation Services Routers (64-bit)
  • IOS XRv 9000 Routers
  • Network Convergence System (NCS) 540 Series Routers that are running an NCS540-iosxr base image
  • NCS 560 Series Routers
  • NCS 1000 Series
  • NCS 5000 Series Routers
  • NCS 5500 Series Routers


Remediation

Install updates from the vendor's website.
