CVE-2025-20115
Published: 12 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-20115 is a vulnerability in the confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software. The issue stems from memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute containing 255 autonomous system numbers (ASNs). Published on 2025-03-12, it is rated with a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and maps to CWE-120 (Buffer Copy without Checking Size of Input).
An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted BGP update message, or it could be triggered if the network is designed such that the AS_CONFED_SEQUENCE attribute grows to 255 ASNs or more. To succeed, the attacker must control a BGP confederation speaker within the same autonomous system as the victim. Exploitation causes memory corruption, which may restart the BGP process and result in a denial-of-service (DoS) condition.
Mitigation details are available in the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX. Additional technical context on crafting such AS paths appears in the APNIC blog post at https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/.
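For monitoring, the condition described above can be checked on the defender's side by decoding the AS_PATH attribute of received updates and counting the ASNs carried in AS_CONFED_SEQUENCE segments. The following Python is an added example, not code from Cisco or the advisory; it assumes the attribute value bytes have already been extracted (for example from a BMP or MRT feed), uses the segment layout of RFC 4271 and RFC 5065, and all function names and the sample path are constructed here for illustration.

```python
import struct

# AS_PATH segment type codes (RFC 4271 and RFC 5065).
SEGMENT_TYPES = {1: "AS_SET", 2: "AS_SEQUENCE", 3: "AS_CONFED_SEQUENCE", 4: "AS_CONFED_SET"}
AS_CONFED_SEQUENCE = 3
ALERT_THRESHOLD = 255  # ASN count named in the CVE description above

def parse_as_path(value, asn_size=4):
    """Split an AS_PATH attribute value into (segment_type, [asns]) tuples."""
    if asn_size not in (2, 4):
        raise ValueError("asn_size must be 2 or 4")
    fmt = "!H" if asn_size == 2 else "!I"
    segments, offset = [], 0
    while offset < len(value):
        if offset + 2 > len(value):
            raise ValueError("truncated segment header")
        seg_type, count = value[offset], value[offset + 1]
        if seg_type not in SEGMENT_TYPES:
            raise ValueError(f"unknown segment type {seg_type}")
        start, end = offset + 2, offset + 2 + count * asn_size
        if end > len(value):
            raise ValueError("segment overruns attribute value")
        asns = [struct.unpack_from(fmt, value, i)[0]
                for i in range(start, end, asn_size)]
        segments.append((seg_type, asns))
        offset = end
    return segments

def confed_sequence_length(value, asn_size=4):
    """ASNs in AS_CONFED_SEQUENCE segments, summed across segments because
    a single segment's one-octet count field cannot exceed 255."""
    return sum(len(asns) for seg_type, asns in parse_as_path(value, asn_size)
               if seg_type == AS_CONFED_SEQUENCE)

def at_risk(value, asn_size=4, threshold=ALERT_THRESHOLD):
    """True when the confederation sequence has reached the flagged length."""
    return confed_sequence_length(value, asn_size) >= threshold

def build_segment(seg_type, asns, asn_size=4):
    """Encode one segment; used only to construct sample input."""
    fmt = "!H" if asn_size == 2 else "!I"
    return bytes([seg_type, len(asns)]) + b"".join(struct.pack(fmt, a) for a in asns)

# Constructed sample: three confederation member ASNs, then one AS_SEQUENCE hop.
SAMPLE = build_segment(3, [64512, 64513, 64514]) + build_segment(2, [65000])

if __name__ == "__main__":
    print(confed_sequence_length(SAMPLE), at_risk(SAMPLE))
```

Passing a lower `threshold` turns the check into an early warning for confederation paths that are growing toward the flagged length.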
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows a memory corruption flaw in the BGP process to be exploited, via a crafted AS_CONFED_SEQUENCE attribute in BGP updates, to crash or restart the service. This maps directly to Application or System Exploitation for DoS.