Improper access control in Cisco Systems, Inc products - CVE-2025-20159
Published: September 11, 2025
Vulnerability identifier: #VU115158
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-20159
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS XR
Cisco 8000 Series Routers
Cisco ASR 9000 Series Aggregation Services Routers
IOS XRd vRouter
Cisco IOS XRv 9000 Router
NCS 5700 Series Routers
IOS XR White box
NCS540
NCS560
NCS 1010
NCS 1014
NCS5500
Cisco IOS XR
Cisco 8000 Series Routers
Cisco ASR 9000 Series Aggregation Services Routers
IOS XRd vRouter
Cisco IOS XRv 9000 Router
NCS 5700 Series Routers
IOS XR White box
NCS540
NCS560
NCS 1010
NCS 1014
NCS5500
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the management interface access control list (ACL) processing feature. A remote attacker can bypass an ingress ACL that is applied on the management interface of the target device.
How to mitigate CVE-2025-20159
Install updates from vendor's website.