CVE-2025-20315
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-09-26
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios_xe | 1100 |
| cisco | ios_xe | catalyst_8300 |
| cisco | ios_xe | catalyst_8500l |
| cisco | ios_xe | catalyst_ir8300 |
| cisco | ios_xe | asr_920 |
| cisco | ios_xe | catalyst_8000v |
| cisco | ios_xe | 1000 |
| cisco | ios_xe | catalyst_8200 |
| cisco | ios_xe | catalyst_8500 |
| cisco | ios_xe | 4000 |
| cisco | ios_xe | * |
| cisco | ios_xe | catalyst_1101 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-805 | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software. It is caused by improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets. An unauthenticated, remote attacker can exploit this by sending malformed CAPWAP packets to the affected device, which could cause the device to reload unexpectedly, leading to a denial of service (DoS) condition.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker can cause the affected Cisco device to reload unexpectedly, resulting in a denial of service (DoS) condition. This means the device could become temporarily unavailable, disrupting network services and potentially affecting business operations that rely on the device.