CVE-2025-20146
Published: 12 March 2025
Description
Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.
Security Summary
CVE-2025-20146 is a vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers. The issue stems from the incorrect handling of malformed IPv4 multicast packets received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. It has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-20 (Improper Input Validation).
An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit would trigger line card exceptions or a hard reset, resulting in a denial-of-service (DoS) condition where traffic over that line card is lost during the reload process.
Mitigation details are available in the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7. Additional context appears in the APNIC blog post at https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/. The vulnerability was published on 2025-03-12.
Details
Why these techniques?
The vulnerability enables remote, unauthenticated exploitation of an input validation flaw in a network device to cause a line card crash or reset and a loss of transit traffic, which directly matches Network Denial of Service achieved through exploitation of a device vulnerability.