Cisco

Cisco Systems has addressed a high-severity denial of service (DoS) vulnerability, identified as CVE-2025-20115, impacting IOS XR routers used in carrier-grade environments. The flaw, which resides in the BGP confederation implementation, could be exploited through a specially crafted BGP update message. If successfully exploited without authentication, attackers could remotely trigger a memory corruption via buffer overflow, causing the BGP process to restart and leading to device disruptions. This vulnerability affects a sensitive part of network infrastructure but requires certain configurations to be exploitable. While patches have been released, there have been no reports of active exploitation in the wild. However, Cisco has provided workarounds and urged customers to update as preventive measures against potential disruptions.

Source: https://www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-attackers-crash-bgp-on-ios-xr-routers/

"id": "cis832031425",
"linkid": "cisco",
"type": "Vulnerability",
"date": "3/2025",
"severity": "60",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"