CVE-2025-20140
HIGHDescription
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of IPv6 network requests from an associated wireless IPv6 client to an affected device. To associate a client to a device, an attacker may first need to authenticate to the network, or associate freely in the case of a configured open network. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to stop responding, resulting in a DoS condition.
Is your site exposed to CVE-2025-20140?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | ios_xe |
| cisco | catalyst_9800-cl_wireless_controllers_for_cloud |
| cisco | catalyst_9105axi |
| cisco | catalyst_9115axe |
| cisco | catalyst_9115axi |
| cisco | catalyst_9117axi |
| cisco | catalyst_9120axe |
| cisco | catalyst_9120axi |
| cisco | catalyst_9120axp |
| cisco | catalyst_9130axe |
| cisco | catalyst_9130axi |
| cisco | catalyst_9800-40 |
| cisco | catalyst_9800-80 |
| cisco | catalyst_9800-l |
| cisco | catalyst_cw9800h1 |
| cisco | catalyst_cw9800h2 |
| cisco | catalyst_cw9800m |
References
Frequently Asked Questions
What is CVE-2025-20140? +
How severe is CVE-2025-20140? +
What products are affected by CVE-2025-20140? +
How do I check if I'm vulnerable to CVE-2025-20140? +
Related Vulnerabilities
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler …
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. …
Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decode_unknown_field function in buffa's …
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp …
Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service …
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry …