CVE-2025-20141

HIGH
Published Mar 12, 2025 Modified Aug 6, 2025 CWE-770

Description

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.  This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.

Is your site exposed to CVE-2025-20141?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.4
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weakness Type (CWE)

CWE-770 CWE-770

Affected Products

Vendor Product
cisco ios_xr
cisco ncs_540-12z20g-sys-a
cisco ncs_540-12z20g-sys-d
cisco ncs_540-24q2c2dd-sys
cisco ncs_540-24q8l2dd-sys
cisco ncs_540-24z8q2c-sys
cisco ncs_540-28z4c-sys-a
cisco ncs_540-28z4c-sys-d
cisco ncs_540-6z14s-sys-d
cisco ncs_540-6z18g-sys-a
cisco ncs_540-6z18g-sys-d
cisco ncs_540-acc-sys
cisco ncs_540-fh-agg
cisco ncs_540-fh-csr-sys
cisco ncs_540x-12z16g-sys-a
cisco ncs_540x-12z16g-sys-d
cisco ncs_540x-16z4g8q2c-a
cisco ncs_540x-16z4g8q2c-d
cisco ncs_540x-16z8q2c-d
cisco ncs_540x-4z14g2q-a
cisco ncs_540x-4z14g2q-d
cisco ncs_540x-6z18g-sys-a
cisco ncs_540x-6z18g-sys-d
cisco ncs_540x-8z16g-sys-a
cisco ncs_540x-8z16g-sys-d
cisco ncs_540x-acc-sys
cisco ncs_5501
cisco ncs_5501-se
cisco ncs_5502
cisco ncs_5502-se
cisco ncs_5504
cisco ncs_5508
cisco ncs_5516
cisco ncs_55a1-24h
cisco ncs_55a1-24q6h-s
cisco ncs_55a1-24q6h-ss
cisco ncs_55a1-36h
cisco ncs_55a1-36h-se
cisco ncs_55a1-48q6h
cisco ncs_55a2-mod-hd-s
cisco ncs_55a2-mod-s
cisco ncs_55a2-mod-se-s
cisco ncs_57b1-5dse-sys
cisco ncs_57b1-6d24-sys
cisco ncs_57c1-48q6-sys
cisco ncs_57c3-mod-sys
cisco ncs_57d2-18dd-sys

References

Frequently Asked Questions

What is CVE-2025-20141? +
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.  This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition. It has a CVSS v3.1 base score of 7.4 (HIGH).
How severe is CVE-2025-20141? +
CVE-2025-20141 has a CVSS v3.1 score of 7.4 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-20141? +
CVE-2025-20141 affects products from cisco, specifically: ios_xr, ncs_540-12z20g-sys-a, ncs_540-12z20g-sys-d, ncs_540-24q2c2dd-sys, ncs_540-24q8l2dd-sys, ncs_540-24z8q2c-sys, ncs_540-28z4c-sys-a, ncs_540-28z4c-sys-d, ncs_540-6z14s-sys-d, ncs_540-6z18g-sys-a, ncs_540-6z18g-sys-d, ncs_540-acc-sys, ncs_540-fh-agg, ncs_540-fh-csr-sys, ncs_540x-12z16g-sys-a, ncs_540x-12z16g-sys-d, ncs_540x-16z4g8q2c-a, ncs_540x-16z4g8q2c-d, ncs_540x-16z8q2c-d, ncs_540x-4z14g2q-a, ncs_540x-4z14g2q-d, ncs_540x-6z18g-sys-a, ncs_540x-6z18g-sys-d, ncs_540x-8z16g-sys-a, ncs_540x-8z16g-sys-d, ncs_540x-acc-sys, ncs_5501, ncs_5501-se, ncs_5502, ncs_5502-se, ncs_5504, ncs_5508, ncs_5516, ncs_55a1-24h, ncs_55a1-24q6h-s, ncs_55a1-24q6h-ss, ncs_55a1-36h, ncs_55a1-36h-se, ncs_55a1-48q6h, ncs_55a2-mod-hd-s, ncs_55a2-mod-s, ncs_55a2-mod-se-s, ncs_57b1-5dse-sys, ncs_57b1-6d24-sys, ncs_57c1-48q6-sys, ncs_57c3-mod-sys, ncs_57d2-18dd-sys. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-20141? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-20141 — free, no signup required.