CVE-2025-20146 - Vulnerability Details

CVE-2025-20146 - Cisco IOS XR Software for ASR 9000 Series Routers Layer 3 Multicast Routing Denial of Service Vulnerability

A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Asr 9006 Asr 9010 Asr 9901 Asr 9902 Asr 9903 Asr 9904 Asr 9906 Asr 9910 Asr 9912 Asr 9922 Ios Xr

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios_xr:7.9.21:::::::*
	cpe:2.3:o:cisco:ios_xr:7.10.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.11.1:::::::*
	cpe:2.3:o:cisco:ios_xr:7.11.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.11.21:::::::*
	cpe:2.3:o:cisco:ios_xr:24.1.1:::::::*
	cpe:2.3:o:cisco:ios_xr:24.1.2:::::::*
	cpe:2.3:o:cisco:ios_xr:24.2.1:::::::*
	cpe:2.3:o:cisco:ios_xr:24.2.2:::::::*
	cpe:2.3:o:cisco:ios_xr:24.3.1:::::::*
	cpe:2.3:o:cisco:ios_xr:24.3.2:::::::*

OR	cpe:2.3:h:cisco:asr_9006:-:::::::*
	cpe:2.3:h:cisco:asr_9010:-:::::::*
	cpe:2.3:h:cisco:asr_9901:-:::::::*
	cpe:2.3:h:cisco:asr_9902:-:::::::*
	cpe:2.3:h:cisco:asr_9903:-:::::::*
	cpe:2.3:h:cisco:asr_9904:-:::::::*
	cpe:2.3:h:cisco:asr_9906:-:::::::*
	cpe:2.3:h:cisco:asr_9910:-:::::::*
	cpe:2.3:h:cisco:asr_9912:-:::::::*
	cpe:2.3:h:cisco:asr_9922:-:::::::*

No data.

References

Link	Providers
https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7

History

Fri, 01 Aug 2025 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco asr 9006 Cisco asr 9010 Cisco asr 9901 Cisco asr 9902 Cisco asr 9903 Cisco asr 9904 Cisco asr 9906 Cisco asr 9910 Cisco asr 9912 Cisco asr 9922 Cisco ios Xr
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:cisco:asr_9006:-:::::::* cpe:2.3:h:cisco:asr_9010:-:::::::* cpe:2.3:h:cisco:asr_9901:-:::::::* cpe:2.3:h:cisco:asr_9902:-:::::::* cpe:2.3:h:cisco:asr_9903:-:::::::* cpe:2.3:h:cisco:asr_9904:-:::::::* cpe:2.3:h:cisco:asr_9906:-:::::::* cpe:2.3:h:cisco:asr_9910:-:::::::* cpe:2.3:h:cisco:asr_9912:-:::::::* cpe:2.3:h:cisco:asr_9922:-:::::::* cpe:2.3:o:cisco:ios_xr:24.1.1:::::::* cpe:2.3:o:cisco:ios_xr:24.1.2:::::::* cpe:2.3:o:cisco:ios_xr:24.2.1:::::::* cpe:2.3:o:cisco:ios_xr:24.2.2:::::::* cpe:2.3:o:cisco:ios_xr:24.3.1:::::::* cpe:2.3:o:cisco:ios_xr:24.3.2:::::::* cpe:2.3:o:cisco:ios_xr:7.10.2:::::::* cpe:2.3:o:cisco:ios_xr:7.11.1:::::::* cpe:2.3:o:cisco:ios_xr:7.11.21:::::::* cpe:2.3:o:cisco:ios_xr:7.11.2:::::::* cpe:2.3:o:cisco:ios_xr:7.9.21:::::::*
Vendors & Products		Cisco Cisco asr 9006 Cisco asr 9010 Cisco asr 9901 Cisco asr 9902 Cisco asr 9903 Cisco asr 9904 Cisco asr 9906 Cisco asr 9910 Cisco asr 9912 Cisco asr 9922 Cisco ios Xr

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00157}`	epss `{'score': 0.00186}`

Fri, 21 Mar 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 12 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads.
Title		Cisco IOS XR Software for ASR 9000 Series Routers Layer 3 Multicast Routing Denial of Service Vulnerability
Weaknesses		CWE-20
References		https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-03-12T16:12:56.245Z

Updated: 2025-03-21T20:27:39.497Z

Reserved: 2024-10-10T19:15:13.215Z

Link: CVE-2025-20146

Vulnrichment

Updated: 2025-03-21T20:27:29.549Z

NVD

Status : Analyzed

Published: 2025-03-12T16:15:22.197

Modified: 2025-08-01T18:50:42.947

Link: CVE-2025-20146

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object