CVE-2025-20137

Published May 7, 2025

Last updated 7 months ago

CVSS medium 4.7

Overview

Description: A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.
Source: psirt@cisco.com
NVD status: Analyzed
Products: ios

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.7
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

psirt@cisco.com: CWE-284

Hype score: Not currently trending

🔴 #Cisco Catalyst Switches, Access Control Bypass, #CVE-2025-20137 (Critical) https://t.co/F9Bq2c65SM
@dailycve
5 Aug 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5a\\)e:*:*:*:*:*:*:*",
            "matchCriteriaId": "3A2EB46D-16E0-4C31-8634-C33D70B5381A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5b\\)e:*:*:*:*:*:*:*",
            "matchCriteriaId": "F29B2E6F-ED6C-4568-9042-7A1BD96A9E07",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5c\\)e:*:*:*:*:*:*:*",
            "matchCriteriaId": "7803B445-FE22-4D4B-9F3A-68EFE528195E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e:*:*:*:*:*:*:*",
            "matchCriteriaId": "199DCF1B-8A1E-47CC-87A6-64E6F21D8886",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e0c:*:*:*:*:*:*:*",
            "matchCriteriaId": "DD05109E-1183-419D-96A1-9CD5EA5ECC3C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e1:*:*:*:*:*:*:*",
            "matchCriteriaId": "D3C73A3A-4B84-476F-AC3C-81DCB527E29A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e2:*:*:*:*:*:*:*",
            "matchCriteriaId": "5DEE2C71-C401-43D1-86DC-725FE5FDF87E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e2b:*:*:*:*:*:*:*",
            "matchCriteriaId": "FB2842F6-4CD5-457C-AC75-241A5AB9534B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e3:*:*:*:*:*:*:*",
            "matchCriteriaId": "5ABE0470-E94A-4CAF-865D-73E2607A0DC1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e:*:*:*:*:*:*:*",
            "matchCriteriaId": "6437E689-A049-4D48-AB7A-49CA7EBDE8B6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0a:*:*:*:*:*:*:*",
            "matchCriteriaId": "110B699D-169E-4932-A480-6EBB90CAE94B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0s:*:*:*:*:*:*:*",
            "matchCriteriaId": "4862C453-8BD7-4D53-B2D6-CE3E44A4915A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e1:*:*:*:*:*:*:*",
            "matchCriteriaId": "D0C4E1F4-AD64-418C-A308-85501E0F3EA2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e1a:*:*:*:*:*:*:*",
            "matchCriteriaId": "27EF41C6-A0D0-4149-BC5D-B31C4F5CC6D1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e2:*:*:*:*:*:*:*",
            "matchCriteriaId": "57ED9CDC-FC03-4DA7-A791-CE61D0D8364D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e3:*:*:*:*:*:*:*",
            "matchCriteriaId": "F980EFA3-BB92-49D3-8D5F-2804BB44ABB1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e3k:*:*:*:*:*:*:*",
            "matchCriteriaId": "3D6D0AA7-E879-4303-AB2D-4FEF3574B60E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e4:*:*:*:*:*:*:*",
            "matchCriteriaId": "345C9300-CAC2-4427-A6B4-8DBC72573E00",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e5:*:*:*:*:*:*:*",
            "matchCriteriaId": "64BFCF66-DE06-46DA-8F9D-60A446DC0F0A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e6:*:*:*:*:*:*:*",
            "matchCriteriaId": "7BDF6ABA-F0A4-423F-9056-A57C6A074137",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e7:*:*:*:*:*:*:*",
            "matchCriteriaId": "956FE25C-3CB8-4479-850D-719827123A3B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e8:*:*:*:*:*:*:*",
            "matchCriteriaId": "23ABB581-90EF-4F6C-9778-735932D2B08D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e9:*:*:*:*:*:*:*",
            "matchCriteriaId": "BC3FD874-5EDF-48E0-A5AC-415A620C1FF8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e10:*:*:*:*:*:*:*",
            "matchCriteriaId": "58F396D6-9B6E-4E6A-B561-9822DB13C7AE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e11:*:*:*:*:*:*:*",
            "matchCriteriaId": "21887E28-6DED-4E1D-BC96-FED6461B95F0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e12:*:*:*:*:*:*:*",
            "matchCriteriaId": "0FAD4038-60A1-43ED-98EA-534B42134FB0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7a\\)e0b:*:*:*:*:*:*:*",
            "matchCriteriaId": "1374E243-4EC2-4A81-991C-B5705135CAD2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7b\\)e0b:*:*:*:*:*:*:*",
            "matchCriteriaId": "6ECA6101-94BA-4209-8243-A56AF02963EA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e:*:*:*:*:*:*:*",
            "matchCriteriaId": "FFF00927-80B0-4BE3-BF7C-E663A5E7763A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e1:*:*:*:*:*:*:*",
            "matchCriteriaId": "9795E31D-A642-4100-A980-CD49C291AB7F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e2:*:*:*:*:*:*:*",
            "matchCriteriaId": "83C79479-27C6-4273-BC80-70395D609197",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e3:*:*:*:*:*:*:*",
            "matchCriteriaId": "28ACC494-2B4B-4BCE-9275-B7B10CC69B1B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e4:*:*:*:*:*:*:*",
            "matchCriteriaId": "B8BB9098-7C1D-4776-8B1F-EF4A0461CCDB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e5:*:*:*:*:*:*:*",
            "matchCriteriaId": "602A88C0-30D1-4B63-A8F7-EF1D35350897",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e6:*:*:*:*:*:*:*",
            "matchCriteriaId": "8D3AE0C5-D071-44B4-B820-422296FDC259",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-16fp-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "DCE31650-EA77-4AE9-85CD-CB6C1E1E0562",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-16p-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "3C0DF028-9DE9-4BD9-ACDF-72D54E1898C8",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-16t-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "B9F0B2AE-113D-49FC-A4DB-2A7F35678BC3",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-16t-e-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "CC581974-585A-4204-8BB0-B0C56C04EA61",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-24fp-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "D8D14468-6577-4142-B312-70BE052BB62E",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-24fp-4x-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "411965A9-9F29-49D6-A402-76F5AA430891",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-24p-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E8208BCD-7591-4A7E-B5D0-FC875FF51238",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-24p-4x-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "B6DA9249-EEFE-48D8-B94A-845A6C8C5EC0",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-24pp-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "3ECC7217-C2F5-4742-8559-4254FF649192",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-24t-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "8DF6F3CD-8D92-426D-923C-9282EECF440E",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-24t-4x-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "33B9CA88-B777-40D3-9094-C321A9B68245",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-48fp-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "08E73625-3AE9-4A57-A5C1-9F5CB30913E8",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-48fp-4x-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "359594EB-19B7-448C-901A-E0D7F6F49738",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-48p-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "07FB42D3-1876-4535-B969-4F7DCEB425C6",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-48p-4x-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "2CEAFC00-8B8A-4D2E-85D7-2366F0C76093",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-48pp-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "946E34A8-F960-4878-80B7-A0FC6A50CB13",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-48t-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "993C14D0-710B-4BE6-BC66-C35D071C0089",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-48t-4x-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E28C4B25-2244-4A6A-AF69-FFCCD6A693C6",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-8fp-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "7981F467-B780-44CE-ACD3-175B0BEF1D79",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-8fp-e-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "4BB0A67A-FDCC-4F6A-B1C8-DA26D7D11231",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-8p-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "24849156-10B7-4FF9-B825-EAD3BF864724",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-8p-e-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A245CDAE-B426-4FC3-A35E-96E09C5E4607",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-8t-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "AD1456D7-700B-4833-B530-15CEF6FCA99D",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000-8t-e-2g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "D2EE6830-7F52-4FCD-AA08-F3BDABE5E7E2",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-24p-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA79F243-5BD0-40FB-ADAC-A7E92DA1B1FD",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-24t-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "70BFCEF9-B808-4CC8-BA50-E6F8CF83C238",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-48p-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "C2994E19-2B1E-445E-8C1B-6BAC67F28028",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-48t-4g-l:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "9DF8C04C-B259-408C-80B7-77BBF5606BCE",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-16ps-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "923B1623-2A33-497B-9238-3F4699E8E4AA",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-16ts-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "762B1BA4-69FC-4977-A0A8-9323660674A2",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24pq-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "343AD12E-387D-4494-9665-45384927C043",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24ps-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F249629F-1A5C-4C12-B956-552A2526A836",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24tq-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "B6F7347D-C59F-4432-8706-A49732F691D2",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24ts-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "3C9AF097-09D6-4388-85EA-5954BD40D6B4",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48pq-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "B7CB5149-90DE-4C56-B252-0BE74CB84B19",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48ps-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "949533D3-6500-49BA-BE55-42E1506D3DD6",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48tq-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "26876A8C-F6C9-4FBA-8085-DD9A042CF77D",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48ts-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "94E5B561-02A2-4F79-8E28-E6A2B5C4F09D",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-8ps-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "1EBE7411-BD02-47A8-99BC-6B701B60A61B",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_2960l-8ts-ll:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "96195B6B-C869-4DEF-AB5D-704B3D2FC76E",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References