CyberSecurity news

FlagThis

Sergiu Gatlan@BleepingComputer //
Cisco has addressed a critical denial-of-service (DoS) vulnerability, CVE-2025-20115, found in the Border Gateway Protocol (BGP) confederation implementation of its IOS XR Software. The vulnerability arises from a memory corruption flaw, specifically the improper handling of the AS_CONFED_SEQUENCE attribute within BGP update messages. An attacker can exploit this by injecting a crafted message containing 255 or more autonomous system numbers, leading to process instability and a potential BGP process restart.

Successful exploitation of this flaw allows unauthenticated attackers to crash the BGP process, disrupting network routing and potentially causing significant service outages. This is particularly concerning for large-scale networks using BGP confederation. The affected software versions include Cisco IOS XR Release 7.11 and earlier, Release 24.1 and earlier, Release 24.2 until version 24.2.21, and Release 24.3, which has been patched in version 24.3.1. The primary mitigation strategy is to apply the latest software update provided by Cisco.
Original img attribution: https://www.bleepstatic.com/content/hl-images/2025/03/04/Cisco_headpic.jpg
ImgSrc: www.bleepstatic

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • The DefendOps Diaries: Understanding the Cisco IOS XR Vulnerability: CVE-2025-20115
  • BleepingComputer: Cisco vulnerability lets attackers crash BGP on IOS XR routers
  • www.cysecurity.news: Cisco Warns of Critical Security Flaw in IOS XR Software – Immediate Update Recommended
  • securityaffairs.com: Cisco IOS XR flaw allows attackers to crash BGP process on routers
  • securityonline.info: Cisco Alerts on Public Disclosure of CVE-2025-20115 – BGP Flaw Puts Networks at Risk
  • Rescana: The Cisco IOS XR Software Border Gateway Protocol (BGP) Confederation Denial of Service vulnerability , identified as...
  • gbhackers.com: Cisco has issued a security advisory warning of a vulnerability in its IOS XR Software that could allow attackers to launch denial-of-service (DoS) attacks.  The vulnerability, identified as CVE-2025-20115, affects the Border Gateway Protocol (BGP) confederation implementation. The CVE-2025-20115 vulnerability affects the Border Gateway Protocol (BGP) confederation implementation in Cisco IOS XR Software, potentially allowing
  • bsky.app: Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message.
Classification:
  • HashTags: #CiscoVulnerability #BGPDoS #NetworkSecurity
  • Company: Cisco
  • Target: Cisco IOS XR routers
  • Product: Cisco IOS XR
  • Feature: BGP Confederation
  • Type: Vulnerability
  • Severity: Major