#VU116105 Buffer Access with Incorrect Length Value in Cisco Systems, Inc products - CVE-2025-20315
Published: September 25, 2025
Vulnerability identifier: #VU116105
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-20315
CWE-ID: CWE-805
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
1100 Integrated Services Routers
4000 Series Integrated Services Routers
ASR 920 Series Aggregation Services Routers
ASR 1000 Series Aggregation Services Routers
Catalyst 1101 Rugged Routers
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500 Edge Platforms
Catalyst 8500L Edge Platforms
Catalyst IR8300 Rugged Series Routers
Cisco IOS XE
1100 Integrated Services Routers
4000 Series Integrated Services Routers
ASR 920 Series Aggregation Services Routers
ASR 1000 Series Aggregation Services Routers
Catalyst 1101 Rugged Routers
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500 Edge Platforms
Catalyst 8500L Edge Platforms
Catalyst IR8300 Rugged Series Routers
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets in the Network-Based Application Recognition (NBAR) feature. A remote attacker can send a specially crafted CAPWAP packet and cause a denial of service condition on the target system.
Remediation
Install update from vendor's website.