Cisco Issues High-Severity Security Alert for IOS XR Software

Summary: Cisco has issued a security advisory about a high-severity vulnerability (CVE-2025-20138) affecting IOS XR Software, with a CVSS score of 8.8. The vulnerability allows authenticated local attackers to execute arbitrary commands as root, which poses a significant risk to affected systems. It affects Cisco IOS XR 64-bit Software across all device configurations. No workarounds are available, so mitigation requires immediate software updates.

Affected: Cisco IOS XR Software

Key points:

  • Vulnerability CVE-2025-20138 found in the Command Line Interface (CLI) of Cisco IOS XR Software.
  • Insufficient validation of user arguments allows privilege escalation for low-privileged accounts.
  • No workarounds are available; immediate software updates are necessary.
  • Confirmed unaffected products include IOS, IOS XE, NX-OS, and IOS XR 32-bit Software.
  • Specific upgrade paths provided for various IOS XR versions to mitigate the risk.

Source: https://securityonline.info/cisco-issues-high-severity-security-alert-for-ios-xr-software-cve-2025-20138/