#VU115156 Improper Verification of Cryptographic Signature in Cisco Systems, Inc products - CVE-2025-20248
Published: September 11, 2025
Vulnerability identifier: #VU115156
Vulnerability risk:
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
CVE-ID: CVE-2025-20248
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XR
Cisco ASR 9000 Series Aggregation Services Routers
Cisco IOS XRv 9000 Router
Cisco Network Convergence System 540 Series Routers
NCS 5000
NCS 5700 Series Routers
NCS 6000 Series Routers
NCS 1000 Series
IOS XR White box
NCS560
NCS5500
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to incomplete validation of files during the installation of an .iso file. A local administrator can load an unsigned file as part of the image activation process.
Remediation
Install updates from the vendor's website.