Cisco has issued a security warning about a newly identified vulnerability in its IOS XR Software. This security flaw, labeled CVE-2025-20138, has been rated 8.8 on the CVSS scale, meaning it poses a major risk to affected devices.
What Is the Problem?
The issue is found in the Command Line Interface (CLI) of Cisco’s IOS XR Software. If an attacker gains access to a system with limited user privileges, they can exploit this weakness to execute commands with the highest level of control. This would allow them to make major modifications to the system, potentially leading to severe security threats.
The root of the problem is improper validation of user inputs in certain CLI commands. Because the system does not correctly filter these inputs, attackers can manipulate it using carefully crafted commands. If successful, they can obtain full administrative access, giving them total control over the device.
Who Is Affected?
This vulnerability affects all configurations of Cisco IOS XR 64-bit Software. Users should check Cisco’s official security advisory to confirm if their specific version is vulnerable.
However, some Cisco software versions are confirmed to be unaffected, including:
IOS Software
IO
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.