Cisco has issued a security advisory warning of a vulnerability in its IOS XR Software that could allow attackers to launch denial-of-service (DoS) attacks.
The vulnerability, identified as CVE-2025-20115, affects the Border Gateway Protocol (BGP) confederation implementation.
The CVE-2025-20115 vulnerability affects the Border Gateway Protocol (BGP) confederation implementation in Cisco IOS XR Software, potentially allowing an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.
This vulnerability arises from a memory corruption issue that occurs when a BGP update contains an AS_CONFED_SEQUENCE attribute with 255 or more autonomous system numbers.
An attacker could exploit this vulnerability by sending crafted BGP update messages or by configuring the network in such a way that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.
To exploit the vulnerability, an attacker must either control a BGP confederation speaker within the same autonomous system as the target or engineer the network to meet this specific AS path length condition.
A successful exploit can lead to memory corruption, potentially causing the BGP process to restart, which results in a DoS condition and disrupts network operations.
The vulnerability has a CVSS score of 8.6 based on CVSS:3.1 and aligns with CWE-120, Buffer Copy without Checking Size of Data.
| Product | CVE | Advisory Link |
| Cisco IOS XR Software | CVE-2025-20115 | Cisco Security Advisory |
To exploit this vulnerability, an attacker must either control a BGP confederation speaker within the same autonomous system as the target or engineer the network so that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.
This highlights the risk of network design contributing to vulnerability.
Cisco has released software updates to address this issue. Additionally, a workaround is available by implementing a routing policy to restrict the BGP AS path length to 254 AS numbers or fewer.
While this workaround has been tested and proven effective, customers should evaluate its applicability and potential impact on their specific network environment.
This vulnerability underscores the importance of regular software updates and network configuration reviews.
Customers are advised to consult with Cisco’s technical support for tailored advice and to ensure that any updates or workarounds are suitable for their specific setup.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
A newly uncovered hacking campaign is targeting business leaders and cryptocurrency firms by abusing Zoom’s…
A major security flaw in the Speedify VPN application for macOS, tracked as CVE-2025-25364, has exposed…
A newly disclosed critical vulnerability (CVE-2025-32434) in PyTorch, the widely used open-source machine learning framework,…
ASUS has acknowledged multiple critical vulnerabilities affecting its routers that could allow hackers to remotely…
A sophisticated phishing attack exploiting a loophole in Google’s OAuth infrastructure has surfaced, raising significant…
In the ever-evolving world of cybersecurity, the ability to detect threats quickly and accurately is…