Summary: Cisco has released security updates for Nexus switches to address critical vulnerabilities, including a high-severity denial of service (DoS) flaw and a command injection vulnerability. The most severe vulnerability, CVE-2025-20111, could allow unauthenticated attackers to cause devices to unexpectedly reload. The updates affect various models of Cisco Nexus switches running vulnerable releases of NX-OS Software.
Affected: Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches
Keypoints :
- High-severity flaw CVE-2025-20111 enables unauthenticated, adjacent attackers to exploit devices leading to DoS conditions.
- Denial of service could result from incorrect handling of specific Ethernet frames.
- Command injection vulnerability CVE-2025-20161 can be exploited by authenticated local attackers on affected models.
- Products impacted include Nexus 3100, 3200, 3400, 3600, 9200, 9300, and 9400 Series in standalone NX-OS mode.
- Cisco PSIRT is currently unaware of any active exploits targeting these vulnerabilities.