The vulnerability tracked as CVE-2025-20115, with a CVSS score of 8.6, could allow unauthenticated, remote attackers to cause denial-of-service conditions on affected network infrastructure.
The BGP confederation vulnerability (cisco-sa-iosxr-bgp-dos-O7stePhX) stems from memory corruption that occurs when a BGP update contains an AS_CONFED_SEQUENCE attribute with 255 autonomous system numbers or more.
This buffer overflow vulnerability, classified as CWE-120, represents a significant threat to network stability for organizations using Cisco IOS XR with BGP confederation configured.
According to Cisco’s security advisory released on March 12, 2025, an attacker could exploit this vulnerability by sending crafted BGP update messages to trigger memory corruption, which may force the BGP process to restart and result in a network-wide denial of service condition.
The exploit path requires the attacker to control a BGP confederation speaker within the same autonomous system as the target or requires a network configuration where the AS_CONFED_SEQUENCE attribute naturally grows beyond the threshold size.
The vulnerability affects all Cisco IOS XR Software versions with BGP confederation enabled, including versions 7.11 and earlier, 24.1 and earlier, and 24.2 up to 24.2.20.
| Risk Factors | Details |
| Affected Products | Cisco IOS XR Software 7.11 and earlier, 24.1 and earlier, and 24.2 up to 24.2.20. |
| Impact | Complete denial of service |
| Exploit Prerequisites | Attacker must control a BGP confederation speaker within the same autonomous system as the victim |
| CVSS 3.1 Score | 8.6 (High) |
Cisco has released software updates that address this vulnerability. Organizations using affected versions of IOS XR should upgrade to version 24.2.21 (future release), 24.3.1, or 24.4, which are unaffected.
For organizations unable to update immediately, Cisco has provided a workaround that restricts the BGP AS_CONFED_SEQUENCE attribute to 254 or fewer AS numbers using a routing policy that drops BGP updates with long AS path lengths on confederation peers.
The policy implementation involves creating a max-asns route policy and applying it to BGP neighbors:
This policy should then be applied to BGP neighbor configurations using “policy max-asns in” and “policy max-asns out” directives.
Network administrators can determine if their devices are vulnerable by checking for BGP confederation configuration using the “show running-config router bgp” command. If “bgp confederation peers” appear in the output, the device may be vulnerable.
Cisco’s Product Security Incident Response Team (PSIRT) notes they are not aware of any malicious exploitation attempts in the wild.
Organizations using affected versions should apply the relevant updates as soon as possible or implement the available workaround to restrict the BGP AS_CONFED_SEQUENCE attribute to 254 or fewer AS numbers.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
The post Cisco Warns of IOS XR Software Vulnerability That Let Attackers Trigger DoS condition appeared first on Cyber Security News.
Google has officially closed its $32 billion all-cash acquisition of Wiz, the Israeli cloud and…
A Loudon woman is facing a string of charges after police said she used drugs…
Two months after an initial inquiry into removing City Councilor Stacey Brown from office, Mayor…
The House of Representatives narrowly voted to table a bill that would increase transparency and…
Between a slide-in water tank, fire extrication equipment, a packer truck, a waste oil burner…
Pittsfield will soon face the dual challenges of losing the school district’s entire central administrative…
This website uses cookies.