Improper Verification of Cryptographic Signature in Cisco Systems, Inc products - CVE-2025-20248
Published: September 11, 2025
Vulnerability identifier: #VU115156
CSH Severity:
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
CVE-ID: CVE-2025-20248
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS XR
Cisco ASR 9000 Series Aggregation Services Routers
Cisco IOS XRv 9000 Router
Cisco Network Convergence System 540 Series Routers
NCS 5000
NCS 5700 Series Routers
NCS 6000 Series Routers
NCS 1000 Series
IOS XR White box
NCS560
NCS5500
Cisco IOS XR
Cisco ASR 9000 Series Aggregation Services Routers
Cisco IOS XRv 9000 Router
Cisco Network Convergence System 540 Series Routers
NCS 5000
NCS 5700 Series Routers
NCS 6000 Series Routers
NCS 1000 Series
IOS XR White box
NCS560
NCS5500
Detailed vulnerability description
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to incomplete validation of files during the installation of an .iso file. A local administrator can load an unsigned file as part of the image activation process.
How to mitigate CVE-2025-20248
Install updates from vendor's website.