Cisco has issued a security advisory warning of a vulnerability in its IOS XR Software that could allow attackers to launch denial-of-service (DoS) attacks.
The vulnerability, identified as CVE-2025-20115, affects the Border Gateway Protocol (BGP) confederation implementation.
The CVE-2025-20115 vulnerability affects the Border Gateway Protocol (BGP) confederation implementation in Cisco IOS XR Software, potentially allowing an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.
Overview of the vulnerability
This vulnerability arises from a memory corruption issue that occurs when a BGP update contains an AS_CONFED_SEQUENCE attribute with 255 or more autonomous system numbers.
An attacker could exploit this vulnerability by sending crafted BGP update messages or by configuring the network in such a way that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.
To exploit the vulnerability, an attacker must either control a BGP confederation speaker within the same autonomous system as the target or engineer the network to meet this specific AS path length condition.
A successful exploit can lead to memory corruption, potentially causing the BGP process to restart, which results in a DoS condition and disrupts network operations.
The vulnerability has a CVSS score of 8.6 based on CVSS:3.1 and aligns with CWE-120, Buffer Copy without Checking Size of Data.
Affected Product
| Product | CVE | Advisory Link |
| Cisco IOS XR Software | CVE-2025-20115 | Cisco Security Advisory |
To exploit this vulnerability, an attacker must either control a BGP confederation speaker within the same autonomous system as the target or engineer the network so that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.
This highlights the risk of network design contributing to vulnerability.
Cisco has released software updates to address this issue. Additionally, a workaround is available by implementing a routing policy to restrict the BGP AS path length to 254 AS numbers or fewer.
While this workaround has been tested and proven effective, customers should evaluate its applicability and potential impact on their specific network environment.
This vulnerability underscores the importance of regular software updates and network configuration reviews.
Customers are advised to consult with Cisco’s technical support for tailored advice and to ensure that any updates or workarounds are suitable for their specific setup.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
