Vulnslist

find the latest Cisco vulnerabilities

Cisco IOS XR Software Management Interface ACL Bypass Vulnerability

cisco-sa-acl-packetio-Swjhhbtz · Medium · Published · Updated

A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device. For more information about this vulnerability, see the Details section of this advisory. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-acl-packetio-Swjhhbtz This advisory is part of the September 2025 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2025 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds for attaching the IPv4 or IPv6 ACL to the management interface to block gRPC, SSH, or NETCONF over SSH. Customers need to migrate to a fixed release that introduces support for this feature. For more information about the platforms and the types of filtering to apply to the affected protocols to ensure that devices are properly protected from unauthorized access, see the Details ["#details"] section of this advisory.

However, a workaround for this vulnerability is available for customers who cannot upgrade to a fixed release. To coordinate implementation of the workaround, contact the Cisco Technical Assistance Center (TAC).

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEsCVE-2025-20159
Cisco Bug IDsCSCwo51041, CSCwb70861, CSCwo52518, CSCwq48170
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco IOS XR Software, Cisco IOS

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2025-20159 Cisco OpenVuln
Cisco Meraki MS Series Switches CVE-2025-20159 Cisco OpenVuln
Cisco IOS Software CVE-2025-20159 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2025-20159 Cisco OpenVuln
Cisco Application Centric Infrastructure Virtual Edge CVE-2025-20159 Cisco OpenVuln
Cisco IOS XR Software CVE-2025-20159 Cisco OpenVuln
Cisco IOS CVE-2025-20159 Cisco OpenVuln