CVE-2025-20248
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-09-11
Assigner: Cisco Systems, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ncs_5700 | * |
| cisco | ios_xr_software | * |
| cisco | iosxr_white_box | * |
| cisco | ios_xrv_9000_routers | * |
| cisco | asr_9000_series_routers | * |
| cisco | ncs_540 | * |
| cisco | ncs_5000 | * |
| cisco | ncs_1000 | * |
| cisco | ncs_6000 | * |
| cisco | ncs_5500 | * |
| cisco | ncs_560 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Cisco IOS XR Software allows an authenticated local attacker with root-system privileges to bypass the software image signature verification during installation. It occurs because of incomplete validation of files within an .iso installation image, enabling the attacker to modify the .iso contents and install and activate unsigned software on affected devices. [1]
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with root access to load and activate unsigned, potentially malicious software on the device. This could compromise the device's confidentiality and integrity, leading to unauthorized control or manipulation of the system. However, exploitation requires already having root-system privileges. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying the integrity of the Cisco IOS XR Software image installed on the device. You should compare the MD5 or SHA512 checksums of the installed image against the official checksums published on Cisco.com. Monitoring devices for unexpected downgrades to vulnerable software versions is also recommended. Specific commands to perform checksum validation are demonstrated in the Cisco advisory, typically involving commands to display the image checksum on the device and comparing it to the published values. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading affected devices to the fixed Cisco IOS XR Software releases. The first fixed releases are IOS XR 24.2.21 and 24.4.2; versions 25.1 and later are not affected. Since no workarounds exist, applying these updates is critical. Additionally, ensure that you verify software image integrity before installation by checking MD5 or SHA512 checksums. Monitor devices for any unexpected downgrades to vulnerable versions. If you do not have a service contract, contact Cisco TAC with proof of entitlement to obtain the fixes. [1]