We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-20138

Cisco IOS XR Software CLI Privilege Escalation Vulnerability



Description

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.

Reserved 2024-10-10 | Published 2025-03-12 | Updated 2025-03-14 | Assigner cisco


HIGH: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unknown

6.5.3
affected

6.5.29
affected

6.5.1
affected

6.6.1
affected

6.5.2
affected

6.5.92
affected

6.5.15
affected

6.6.2
affected

7.0.1
affected

6.6.25
affected

6.5.26
affected

6.6.11
affected

6.5.25
affected

6.5.28
affected

6.5.93
affected

6.6.12
affected

6.5.90
affected

7.0.0
affected

7.1.1
affected

7.0.90
affected

6.6.3
affected

7.0.2
affected

7.1.15
affected

7.2.0
affected

7.2.1
affected

7.1.2
affected

7.0.11
affected

7.0.12
affected

6.7.2
affected

7.0.14
affected

7.1.25
affected

6.6.4
affected

7.2.12
affected

7.3.1
affected

7.1.3
affected

7.4.1
affected

7.2.2
affected

6.7.4
affected

6.5.31
affected

7.3.15
affected

7.3.16
affected

7.4.15
affected

6.5.32
affected

7.3.2
affected

7.5.1
affected

7.4.16
affected

7.3.27
affected

7.6.1
affected

7.5.2
affected

7.8.1
affected

7.6.15
affected

7.5.12
affected

7.8.12
affected

7.3.3
affected

7.7.1
affected

7.3.4
affected

7.4.2
affected

7.6.2
affected

7.5.3
affected

7.7.2
affected

7.9.1
affected

7.10.1
affected

7.8.2
affected

7.5.4
affected

6.5.33
affected

7.8.22
affected

7.7.21
affected

7.9.2
affected

7.3.5
affected

7.5.5
affected

7.11.1
affected

7.9.21
affected

7.10.2
affected

24.1.1
affected

7.6.3
affected

7.3.6
affected

7.5.52
affected

7.11.2
affected

24.2.1
affected

24.1.2
affected

24.2.11
affected

24.3.1
affected

24.2.2
affected

7.8.23
affected

7.11.21
affected

24.2.20
affected

24.3.2
affected

24.4.10
affected

6.5.35
affected

24.3.20
affected

References

sec.cloudapps.cisco.com/.../cisco-sa-iosxr-priv-esc-GFQjxvOF (cisco-sa-iosxr-priv-esc-GFQjxvOF)

blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/ (Crafting endless AS-PATHS in BGP)

cve.org (CVE-2025-20138)

nvd.nist.gov (CVE-2025-20138)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2025-20138

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.