CVE-2025-20191

Published May 7, 2025

Last updated 2 months ago

CVSS high 7.4

Overview

Description
A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the incorrect handling of DHCPv6 packets. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Source
psirt@cisco.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.4
Impact score
4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity
HIGH

Weaknesses

psirt@cisco.com
CWE-805

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-20191 🔴 HIGH (7.4) 🏢 Cisco - Cisco NX-OS Software 🏗️ 8.2(5) 🔗 https://t.co/gaOiafeH39 #CyberCron #VulnAlert #InfoSec https://t.co/z99pmaZDoY

    @cybercronai

    9 May 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.