Summary: Cisco has addressed a critical denial of service (DoS) vulnerability in its IOS XR software that lets an attacker crash the BGP process on an affected router with a single BGP update message. Exploiting this high-severity flaw (CVE-2025-20115) requires specific conditions, including misconfigured BGP confederation settings. Users are urged to migrate to fixed software releases or to limit their BGP configuration to mitigate the risk.
Affected: Cisco IOS XR routers (e.g., ASR 9000, NCS 5500, CRS series)
Key points:
- A DoS vulnerability (CVE-2025-20115) allows unauthenticated attacks on IOS XR routers.
- The flaw is triggered by a crafted BGP update message whose AS_CONFED_SEQUENCE attribute carries an excessive number of AS numbers.
- Cisco recommends applying software upgrades or configuring BGP limits to reduce exposure to attacks.
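The key points above name the attribute that matters (AS_CONFED_SEQUENCE) and the mitigation class (a BGP limit on path length). The following Python is an added example, not code from the Cisco advisory or from IOS XR: it decodes an AS_PATH attribute value into its segments as defined by RFC 4271 and RFC 5065, rejects malformed input instead of trusting it, and reports any confederation segment whose AS count exceeds a configured limit, the kind of check a BGP collector or route-monitoring pipeline can run on received updates. The threshold `MAX_CONFED_ASNS` and the sample attribute bytes are constructed for this example; the page does not state the real trigger size, so the limit is an assumption, not Cisco's value.

```python
import struct
from typing import List, Tuple

# AS_PATH segment types (RFC 4271 section 4.3, RFC 5065 section 3)
AS_SET = 1
AS_SEQUENCE = 2
AS_CONFED_SEQUENCE = 3
AS_CONFED_SET = 4

SEGMENT_NAMES = {
    AS_SET: "AS_SET",
    AS_SEQUENCE: "AS_SEQUENCE",
    AS_CONFED_SEQUENCE: "AS_CONFED_SEQUENCE",
    AS_CONFED_SET: "AS_CONFED_SET",
}

# Assumed policy value for this example. The page only says Cisco suggests
# configuring BGP limits; it does not give a number, so this is a placeholder.
MAX_CONFED_ASNS = 64


def parse_as_path(attr: bytes, as4: bool = True) -> List[Tuple[int, List[int]]]:
    """Decode an AS_PATH (or AS4_PATH) attribute value into (type, [asn, ...]) segments.

    Wire format per segment: <type:1><count:1><asn>*count. The count is a number
    of AS numbers, not bytes. With the 4-octet AS capability each ASN is 4 bytes,
    otherwise 2. Any inconsistency raises ValueError rather than being silently
    accepted, since a length byte that outruns the attribute is exactly the kind
    of input a parser must not trust.
    """
    width = 4 if as4 else 2
    fmt = "!I" if as4 else "!H"
    segments: List[Tuple[int, List[int]]] = []
    pos = 0
    while pos < len(attr):
        if len(attr) - pos < 2:
            raise ValueError("truncated segment header")
        seg_type, count = attr[pos], attr[pos + 1]
        pos += 2
        if seg_type not in SEGMENT_NAMES:
            raise ValueError(f"unknown AS_PATH segment type {seg_type}")
        need = count * width
        if len(attr) - pos < need:
            raise ValueError("segment AS count exceeds attribute length")
        asns = [
            struct.unpack(fmt, attr[pos + i * width : pos + (i + 1) * width])[0]
            for i in range(count)
        ]
        pos += need
        segments.append((seg_type, asns))
    return segments


def find_oversized_confed_segments(segments, limit: int = MAX_CONFED_ASNS):
    """Return (segment index, type name, AS count) for each confederation
    segment carrying more AS numbers than the configured limit."""
    findings = []
    for idx, (seg_type, asns) in enumerate(segments):
        if seg_type in (AS_CONFED_SEQUENCE, AS_CONFED_SET) and len(asns) > limit:
            findings.append((idx, SEGMENT_NAMES[seg_type], len(asns)))
    return findings


def encode_as_path(segments, as4: bool = True) -> bytes:
    """Encode segments into AS_PATH wire format. Used here only to build the
    constructed sample inputs below (one length byte per segment, so 255 max)."""
    fmt = "!I" if as4 else "!H"
    out = bytearray()
    for seg_type, asns in segments:
        if len(asns) > 255:
            raise ValueError("a segment can carry at most 255 AS numbers")
        out += bytes([seg_type, len(asns)])
        for asn in asns:
            out += struct.pack(fmt, asn)
    return bytes(out)


def audit(attr: bytes, as4: bool = True, limit: int = MAX_CONFED_ASNS):
    """Parse one AS_PATH value and return the list of limit violations."""
    return find_oversized_confed_segments(parse_as_path(attr, as4), limit)


# Constructed samples (AS numbers are made up for this example): a normal path,
# and one whose confederation sequence exceeds the assumed limit.
SAMPLE_OK = encode_as_path([(AS_CONFED_SEQUENCE, [65001, 65002]),
                            (AS_SEQUENCE, [64496, 64497])])
SAMPLE_OVERSIZED = encode_as_path([(AS_CONFED_SEQUENCE, list(range(65001, 65101))),
                                   (AS_SEQUENCE, [64496])])

if __name__ == "__main__":
    for name, blob in (("ok", SAMPLE_OK), ("oversized", SAMPLE_OVERSIZED)):
        print(name, audit(blob))
```

Applying the same limit inside the router (Cisco's recommended BGP configuration limit) stops the update at the peer; this out-of-band check is useful for spotting such updates in route-collector or monitoring data, where a finding with a large AS count is worth alerting on.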