CVE-2025-20138
Published: 12 March 2025
Description
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Security Summary
CVE-2025-20138 is a vulnerability in the Command-Line Interface (CLI) of Cisco IOS XR Software. The issue arises from insufficient validation of user arguments passed to specific CLI commands, which could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of affected devices. Published on 2025-03-12, it is classified under CWE-78 (OS Command Injection) with a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
An attacker requires a low-privileged account and local access to the device to exploit this vulnerability by entering crafted commands at the CLI prompt. Successful exploitation enables privilege escalation to root, allowing the execution of arbitrary commands on the operating system with full administrative control, potentially compromising confidentiality, integrity, and availability.
Mitigation details are available in the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF. An additional reference is provided at https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables local authenticated command injection in network device CLI leading to root-level arbitrary command execution, directly mapping to exploitation for privilege escalation and abuse of network device CLI.