Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in its widely used IOS, IOS XE, and IOS XR software.
The flaw, tracked as CVE-2025-20154, allows unauthenticated attackers to trigger denial-of-service (DoS) conditions by forcing devices to reboot remotely.
Vulnerability Overview
The weakness stems from improper handling of Two-Way Active Measurement Protocol (TWAMP) control packets. Attackers exploiting this flaw can send crafted requests that cause:
.png
)
- IOS/IOS XE devices: Full system reloads (8.6 CVSS score, high severity)
- IOS XR devices: Crashes of the ipsla_ippm_server process when debugs are active (3.7 CVSS score, low severity)
Cisco confirms no workarounds exist, emphasizing immediate patching as the only remedy.
Affected Products
| Product | Impact | CVSS Score | Affected Versions |
| Cisco IOS | Full device reload | 8.6 | All TWAMP-enabled installations |
| IOS XE | Full device reload | 8.6 | 16.6.1–17.2.3 (with debugs) Other releases up to fixed versions |
| IOS XR | Process crash (debug mode only) | 3.7 | TWAMP-enabled + active debugs |
The risk associated with CVE-2025-20154 is significant, particularly for organizations relying on Cisco IOS, IOS XE, and IOS XR devices in core network roles.
The vulnerability’s high CVSS score of 8.6 for IOS and IOS XE highlights the potential for substantial disruption, as an unauthenticated remote attacker could send specially crafted TWAMP control packets to trigger a device reload and cause a denial-of-service (DoS) event.
This could lead to service outages, interrupted business operations, and degraded network reliability, especially in environments where the Twenty-Way Active Measurement Protocol (TWAMP) is enabled for network performance monitoring.
For IOS XR deployments, while the impact is somewhat lower (CVSS 3.7), the vulnerability can still cause the ipsla_ippm_server process to crash if debugging is enabled, potentially affecting performance monitoring and diagnostics.
The absence of available workarounds and the ease of exploitation on internet-facing devices further increase the risk.
Therefore, organizations using affected Cisco products in mission-critical or exposed settings should treat this vulnerability as a priority for immediate patching and remediation.
Setting Up SOC Team? – Download Free Ultimate SIEM Pricing Guide (PDF) For Your SOC Team -> Free Download
 warning of a critical vulnerability in its widely used IOS, IOS XE, and IOS XR software.){kind=link}