Cisco IOS XR Software Management Interface ACL Bypass Vulnerability

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features.

This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device.

Basic Information

ID CVE-2025-20159

Source cisco

Published Sep 10, 2025 at 16:06

Affected Product

Vendor Cisco

Product Cisco IOS XR Software

Version 6.6.1

Affected Versions Cisco Cisco IOS XR Software 6.6.1
Cisco Cisco IOS XR Software 6.5.3
Cisco Cisco IOS XR Software 7.0.1
Cisco Cisco IOS XR Software 6.6.11
Cisco Cisco IOS XR Software 6.5.1
Cisco Cisco IOS XR Software 6.5.2
Cisco Cisco IOS XR Software 6.6.2
Cisco Cisco IOS XR Software 6.6.12
Cisco Cisco IOS XR Software 6.6.25
Cisco Cisco IOS XR Software 7.1.1
Cisco Cisco IOS XR Software 7.0.90
Cisco Cisco IOS XR Software 6.6.3
Cisco Cisco IOS XR Software 7.0.2
Cisco Cisco IOS XR Software 7.1.2
Cisco Cisco IOS XR Software 7.2.1
Cisco Cisco IOS XR Software 7.0.11
Cisco Cisco IOS XR Software 7.0.12
Cisco Cisco IOS XR Software 7.0.14
Cisco Cisco IOS XR Software 6.6.4
Cisco Cisco IOS XR Software 7.2.12
Cisco Cisco IOS XR Software 7.3.1
Cisco Cisco IOS XR Software 7.4.1
Cisco Cisco IOS XR Software 7.2.2
Cisco Cisco IOS XR Software 7.3.15
Cisco Cisco IOS XR Software 7.3.16
Cisco Cisco IOS XR Software 7.4.15
Cisco Cisco IOS XR Software 7.3.2
Cisco Cisco IOS XR Software 7.5.1
Cisco Cisco IOS XR Software 7.4.16
Cisco Cisco IOS XR Software 7.3.27
Cisco Cisco IOS XR Software 7.6.1
Cisco Cisco IOS XR Software 7.5.2
Cisco Cisco IOS XR Software 7.8.1
Cisco Cisco IOS XR Software 7.6.15
Cisco Cisco IOS XR Software 7.5.12
Cisco Cisco IOS XR Software 7.8.12
Cisco Cisco IOS XR Software 7.3.4
Cisco Cisco IOS XR Software 7.3.3
Cisco Cisco IOS XR Software 7.4.2
Cisco Cisco IOS XR Software 7.7.1
Cisco Cisco IOS XR Software 7.6.2
Cisco Cisco IOS XR Software 7.5.3
Cisco Cisco IOS XR Software 7.7.2
Cisco Cisco IOS XR Software 7.9.1
Cisco Cisco IOS XR Software 7.10.1
Cisco Cisco IOS XR Software 7.8.2
Cisco Cisco IOS XR Software 7.5.4
Cisco Cisco IOS XR Software 7.8.22
Cisco Cisco IOS XR Software 7.7.21
Cisco Cisco IOS XR Software 7.9.2
Cisco Cisco IOS XR Software 7.3.5
Cisco Cisco IOS XR Software 7.5.5
Cisco Cisco IOS XR Software 7.11.1
Cisco Cisco IOS XR Software 7.10.2
Cisco Cisco IOS XR Software 24.1.1
Cisco Cisco IOS XR Software 7.3.6
Cisco Cisco IOS XR Software 7.5.52
Cisco Cisco IOS XR Software 7.11.2
Cisco Cisco IOS XR Software 24.2.1
Cisco Cisco IOS XR Software 24.1.2
Cisco Cisco IOS XR Software 24.2.11
Cisco Cisco IOS XR Software 24.3.1
Cisco Cisco IOS XR Software 24.4.1
Cisco Cisco IOS XR Software 24.2.2
Cisco Cisco IOS XR Software 7.11.21
Cisco Cisco IOS XR Software 24.2.20
Cisco Cisco IOS XR Software 24.3.2
Cisco Cisco IOS XR Software 25.1.1
Cisco Cisco IOS XR Software 24.4.2
Cisco Cisco IOS XR Software 24.3.20
Cisco Cisco IOS XR Software 25.1.2
Cisco Cisco IOS XR Software 24.3.30
Cisco Cisco IOS XR Software 24.4.30
Cisco Cisco IOS XR Software 24.2.21

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-acl-packetio-Swjhhbtz

{
    "lastseen": "",
    "description": "A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features.\r\n\r\nThis vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device.",
    "published": "2025-09-10T16:06:49.862Z",
    "modified": "2025-09-10T16:06:49.862Z",
    "type": "cve",
    "title": "Cisco IOS XR Software Management Interface ACL Bypass Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-acl-packetio-Swjhhbtz",
    "id": "CVE-2025-20159",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco IOS XR Software 6.6.1\nCisco Cisco IOS XR Software 6.5.3\nCisco Cisco IOS XR Software 7.0.1\nCisco Cisco IOS XR Software 6.6.11\nCisco Cisco IOS XR Software 6.5.1\nCisco Cisco IOS XR Software 6.5.2\nCisco Cisco IOS XR Software 6.6.2\nCisco Cisco IOS XR Software 6.6.12\nCisco Cisco IOS XR Software 6.6.25\nCisco Cisco IOS XR Software 7.1.1\nCisco Cisco IOS XR Software 7.0.90\nCisco Cisco IOS XR Software 6.6.3\nCisco Cisco IOS XR Software 7.0.2\nCisco Cisco IOS XR Software 7.1.2\nCisco Cisco IOS XR Software 7.2.1\nCisco Cisco IOS XR Software 7.0.11\nCisco Cisco IOS XR Software 7.0.12\nCisco Cisco IOS XR Software 7.0.14\nCisco Cisco IOS XR Software 6.6.4\nCisco Cisco IOS XR Software 7.2.12\nCisco Cisco IOS XR Software 7.3.1\nCisco Cisco IOS XR Software 7.4.1\nCisco Cisco IOS XR Software 7.2.2\nCisco Cisco IOS XR Software 7.3.15\nCisco Cisco IOS XR Software 7.3.16\nCisco Cisco IOS XR Software 7.4.15\nCisco Cisco IOS XR Software 7.3.2\nCisco Cisco IOS XR Software 7.5.1\nCisco Cisco IOS XR Software 7.4.16\nCisco Cisco IOS XR Software 7.3.27\nCisco Cisco IOS XR Software 7.6.1\nCisco Cisco IOS XR Software 7.5.2\nCisco Cisco IOS XR Software 7.8.1\nCisco Cisco IOS XR Software 7.6.15\nCisco Cisco IOS XR Software 7.5.12\nCisco Cisco IOS XR Software 7.8.12\nCisco Cisco IOS XR Software 7.3.4\nCisco Cisco IOS XR Software 7.3.3\nCisco Cisco IOS XR Software 7.4.2\nCisco Cisco IOS XR Software 7.7.1\nCisco Cisco IOS XR Software 7.6.2\nCisco Cisco IOS XR Software 7.5.3\nCisco Cisco IOS XR Software 7.7.2\nCisco Cisco IOS XR Software 7.9.1\nCisco Cisco IOS XR Software 7.10.1\nCisco Cisco IOS XR Software 7.8.2\nCisco Cisco IOS XR Software 7.5.4\nCisco Cisco IOS XR Software 7.8.22\nCisco Cisco IOS XR Software 7.7.21\nCisco Cisco IOS XR Software 7.9.2\nCisco Cisco IOS XR Software 7.3.5\nCisco Cisco IOS XR Software 7.5.5\nCisco Cisco IOS XR Software 7.11.1\nCisco Cisco IOS XR Software 7.10.2\nCisco Cisco IOS XR Software 24.1.1\nCisco Cisco IOS XR Software 7.3.6\nCisco Cisco IOS XR Software 7.5.52\nCisco Cisco IOS XR Software 7.11.2\nCisco Cisco IOS XR Software 24.2.1\nCisco Cisco IOS XR Software 24.1.2\nCisco Cisco IOS XR Software 24.2.11\nCisco Cisco IOS XR Software 24.3.1\nCisco Cisco IOS XR Software 24.4.1\nCisco Cisco IOS XR Software 24.2.2\nCisco Cisco IOS XR Software 7.11.21\nCisco Cisco IOS XR Software 24.2.20\nCisco Cisco IOS XR Software 24.3.2\nCisco Cisco IOS XR Software 25.1.1\nCisco Cisco IOS XR Software 24.4.2\nCisco Cisco IOS XR Software 24.3.20\nCisco Cisco IOS XR Software 25.1.2\nCisco Cisco IOS XR Software 24.3.30\nCisco Cisco IOS XR Software 24.4.30\nCisco Cisco IOS XR Software 24.2.21",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco IOS XR Software",
    "version": "6.6.1",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cisco IOS XR Software Management Interface ACL Bypass Vulnerability_CVE-2025-20159

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply