Summary: Cisco has addressed a critical denial of service (DoS) vulnerability in its IOS XR software that allows attackers to crash the BGP process on affected routers via a single BGP update message. This high-severity flaw (CVE-2025-20115) necessitates specific conditions for exploitation, including misconfigured BGP confederation settings. Users are urged to migrate to fixed software releases or limit BGP configurations to mitigate potential risks.

Affected: Cisco IOS XR routers (e.g., ASR 9000, NCS 5500, CRS series)

Keypoints :

• A DoS vulnerability (CVE-2025-20115) allows unauthenticated attacks on IOS XR routers.
• The flaw can be exploited through crafted BGP update messages with excessive AS numbers in the AS_CONFED_SEQUENCE attribute.
• Cisco recommends applying software upgrades or configuring BGP limits to reduce exposure to attacks.