{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20154", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.216Z", "datePublished": "2025-05-07T17:18:50.666Z", "dateUpdated": "2025-05-07T19:46:08.963Z"}, "containers": {"cna": {"title": "Cisco IOS, IOS XE and IOS XR Software TWAMP Denial of Service Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled.\r\n\r\nThis vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\nNote: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows:    Security Impact Rating (SIR): Low    CVSS Base Score: 3.7    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn", "name": "cisco-sa-twamp-kV4FHugn"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-twamp-kV4FHugn", "discovery": "INTERNAL", "defects": ["CSCwk80897"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Input Validation", "type": "cwe", "cweId": "CWE-20"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XR Software", "versions": [{"version": "6.5.3", "status": "affected"}, {"version": "6.5.29", "status": "affected"}, {"version": "6.5.1", "status": "affected"}, {"version": "6.6.1", "status": "affected"}, {"version": "6.5.2", "status": "affected"}, {"version": "6.5.92", "status": "affected"}, {"version": "6.5.15", "status": "affected"}, {"version": "6.6.2", "status": "affected"}, {"version": "7.0.1", "status": "affected"}, {"version": "6.6.25", "status": "affected"}, {"version": "6.5.26", "status": "affected"}, {"version": "6.6.11", "status": "affected"}, {"version": "6.5.25", "status": "affected"}, {"version": "6.5.28", "status": "affected"}, {"version": "6.5.93", "status": "affected"}, {"version": "6.6.12", "status": "affected"}, {"version": "6.5.90", "status": "affected"}, {"version": "7.0.0", "status": "affected"}, {"version": "7.1.1", "status": "affected"}, {"version": "7.0.90", "status": "affected"}, {"version": "6.6.3", "status": "affected"}, {"version": "6.7.1", "status": "affected"}, {"version": "7.0.2", "status": "affected"}, {"version": "7.1.15", "status": "affected"}, {"version": "7.2.0", "status": "affected"}, {"version": "7.2.1", "status": "affected"}, {"version": "7.1.2", "status": "affected"}, {"version": "6.7.2", "status": "affected"}, {"version": "7.0.11", "status": "affected"}, {"version": "7.0.12", "status": "affected"}, {"version": "7.0.14", "status": "affected"}, {"version": "7.1.25", "status": "affected"}, {"version": "6.6.4", "status": "affected"}, {"version": "7.2.12", "status": "affected"}, {"version": "7.3.1", "status": "affected"}, {"version": "7.1.3", "status": "affected"}, {"version": "6.7.3", "status": "affected"}, {"version": "7.4.1", "status": "affected"}, {"version": "7.2.2", "status": "affected"}, {"version": "6.7.4", "status": "affected"}, {"version": "6.5.31", "status": "affected"}, {"version": "7.3.15", "status": "affected"}, {"version": "7.3.16", "status": "affected"}, {"version": "6.8.1", "status": "affected"}, {"version": "7.4.15", "status": "affected"}, {"version": "6.5.32", "status": "affected"}, {"version": "7.3.2", "status": "affected"}, {"version": "7.5.1", "status": "affected"}, {"version": "7.4.16", "status": "affected"}, {"version": "7.3.27", "status": "affected"}, {"version": "7.6.1", "status": "affected"}, {"version": "7.5.2", "status": "affected"}, {"version": "7.8.1", "status": "affected"}, {"version": "7.6.15", "status": "affected"}, {"version": "7.5.12", "status": "affected"}, {"version": "7.3.3", "status": "affected"}, {"version": "7.7.1", "status": "affected"}, {"version": "6.8.2", "status": "affected"}, {"version": "7.3.4", "status": "affected"}, {"version": "7.4.2", "status": "affected"}, {"version": "6.7.35", "status": "affected"}, {"version": "6.9.1", "status": "affected"}, {"version": "7.6.2", "status": "affected"}, {"version": "7.5.3", "status": "affected"}, {"version": "7.7.2", "status": "affected"}, {"version": "6.9.2", "status": "affected"}, {"version": "7.9.1", "status": "affected"}, {"version": "7.10.1", "status": "affected"}, {"version": "7.8.2", "status": "affected"}, {"version": "7.5.4", "status": "affected"}, {"version": "6.5.33", "status": "affected"}, {"version": "7.8.22", "status": "affected"}, {"version": "7.7.21", "status": "affected"}, {"version": "7.9.2", "status": "affected"}, {"version": "7.3.5", "status": "affected"}, {"version": "7.5.5", "status": "affected"}, {"version": "7.11.1", "status": "affected"}, {"version": "7.9.21", "status": "affected"}, {"version": "7.10.2", "status": "affected"}, {"version": "24.1.1", "status": "affected"}, {"version": "7.6.3", "status": "affected"}, {"version": "7.3.6", "status": "affected"}, {"version": "7.11.2", "status": "affected"}, {"version": "24.2.1", "status": "affected"}, {"version": "24.1.2", "status": "affected"}, {"version": "24.2.11", "status": "affected"}, {"version": "24.3.1", "status": "affected"}, {"version": "24.2.2", "status": "affected"}, {"version": "7.8.23", "status": "affected"}, {"version": "7.11.21", "status": "affected"}, {"version": "24.2.20", "status": "affected"}, {"version": "6.5.35", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-05-07T17:18:50.666Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-07T18:56:59.795728Z", "id": "CVE-2025-20154", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T19:46:08.963Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20154", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-07T18:56:59.795728Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T18:57:01.027Z"}}], "cna": {"title": "Cisco IOS, IOS XE and IOS XR Software TWAMP Denial of Service Vulnerability", "source": {"defects": ["CSCwk80897"], "advisory": "cisco-sa-twamp-kV4FHugn", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XR Software", "versions": [{"status": "affected", "version": "6.5.3"}, {"status": "affected", "version": "6.5.29"}, {"status": "affected", "version": "6.5.1"}, {"status": "affected", "version": "6.6.1"}, {"status": "affected", "version": "6.5.2"}, {"status": "affected", "version": "6.5.92"}, {"status": "affected", "version": "6.5.15"}, {"status": "affected", "version": "6.6.2"}, {"status": "affected", "version": "7.0.1"}, {"status": "affected", "version": "6.6.25"}, {"status": "affected", "version": "6.5.26"}, {"status": "affected", "version": "6.6.11"}, {"status": "affected", "version": "6.5.25"}, {"status": "affected", "version": "6.5.28"}, {"status": "affected", "version": "6.5.93"}, {"status": "affected", "version": "6.6.12"}, {"status": "affected", "version": "6.5.90"}, {"status": "affected", "version": "7.0.0"}, {"status": "affected", "version": "7.1.1"}, {"status": "affected", "version": "7.0.90"}, {"status": "affected", "version": "6.6.3"}, {"status": "affected", "version": "6.7.1"}, {"status": "affected", "version": "7.0.2"}, {"status": "affected", "version": "7.1.15"}, {"status": "affected", "version": "7.2.0"}, {"status": "affected", "version": "7.2.1"}, {"status": "affected", "version": "7.1.2"}, {"status": "affected", "version": "6.7.2"}, {"status": "affected", "version": "7.0.11"}, {"status": "affected", "version": "7.0.12"}, {"status": "affected", "version": "7.0.14"}, {"status": "affected", "version": "7.1.25"}, {"status": "affected", "version": "6.6.4"}, {"status": "affected", "version": "7.2.12"}, {"status": "affected", "version": "7.3.1"}, {"status": "affected", "version": "7.1.3"}, {"status": "affected", "version": "6.7.3"}, {"status": "affected", "version": "7.4.1"}, {"status": "affected", "version": "7.2.2"}, {"status": "affected", "version": "6.7.4"}, {"status": "affected", "version": "6.5.31"}, {"status": "affected", "version": "7.3.15"}, {"status": "affected", "version": "7.3.16"}, {"status": "affected", "version": "6.8.1"}, {"status": "affected", "version": "7.4.15"}, {"status": "affected", "version": "6.5.32"}, {"status": "affected", "version": "7.3.2"}, {"status": "affected", "version": "7.5.1"}, {"status": "affected", "version": "7.4.16"}, {"status": "affected", "version": "7.3.27"}, {"status": "affected", "version": "7.6.1"}, {"status": "affected", "version": "7.5.2"}, {"status": "affected", "version": "7.8.1"}, {"status": "affected", "version": "7.6.15"}, {"status": "affected", "version": "7.5.12"}, {"status": "affected", "version": "7.3.3"}, {"status": "affected", "version": "7.7.1"}, {"status": "affected", "version": "6.8.2"}, {"status": "affected", "version": "7.3.4"}, {"status": "affected", "version": "7.4.2"}, {"status": "affected", "version": "6.7.35"}, {"status": "affected", "version": "6.9.1"}, {"status": "affected", "version": "7.6.2"}, {"status": "affected", "version": "7.5.3"}, {"status": "affected", "version": "7.7.2"}, {"status": "affected", "version": "6.9.2"}, {"status": "affected", "version": "7.9.1"}, {"status": "affected", "version": "7.10.1"}, {"status": "affected", "version": "7.8.2"}, {"status": "affected", "version": "7.5.4"}, {"status": "affected", "version": "6.5.33"}, {"status": "affected", "version": "7.8.22"}, {"status": "affected", "version": "7.7.21"}, {"status": "affected", "version": "7.9.2"}, {"status": "affected", "version": "7.3.5"}, {"status": "affected", "version": "7.5.5"}, {"status": "affected", "version": "7.11.1"}, {"status": "affected", "version": "7.9.21"}, {"status": "affected", "version": "7.10.2"}, {"status": "affected", "version": "24.1.1"}, {"status": "affected", "version": "7.6.3"}, {"status": "affected", "version": "7.3.6"}, {"status": "affected", "version": "7.11.2"}, {"status": "affected", "version": "24.2.1"}, {"status": "affected", "version": "24.1.2"}, {"status": "affected", "version": "24.2.11"}, {"status": "affected", "version": "24.3.1"}, {"status": "affected", "version": "24.2.2"}, {"status": "affected", "version": "7.8.23"}, {"status": "affected", "version": "7.11.21"}, {"status": "affected", "version": "24.2.20"}, {"status": "affected", "version": "6.5.35"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn", "name": "cisco-sa-twamp-kV4FHugn"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled.\r\n\r\nThis vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\nNote: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows:    Security Impact Rating (SIR): Low    CVSS Base Score: 3.7    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-05-07T17:18:50.666Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20154", "state": "PUBLISHED", "dateUpdated": "2025-05-07T19:46:08.963Z", "dateReserved": "2024-10-10T19:15:13.216Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-05-07T17:18:50.666Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled.\r\n\r\nThis vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\nNote: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows:    Security Impact Rating (SIR): Low    CVSS Base Score: 3.7    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n de servidor del Protocolo de Medici\u00f3n Activa Bidireccional (TWAMP) del software Cisco IOS y Cisco IOS XE podr\u00eda permitir que un atacante remoto no autenticado recargue el dispositivo afectado, lo que resulta en una denegaci\u00f3n de servicio (DoS). En el software Cisco IOS XR, esta vulnerabilidad podr\u00eda provocar que el proceso ipsla_ippm_server se recargue inesperadamente si se habilitan las depuraciones. Esta vulnerabilidad se debe a un acceso fuera de los l\u00edmites a la matriz al procesar paquetes de control TWAMP especialmente manipulados. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes de control TWAMP dise\u00f1ados a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante recargue el dispositivo afectado, lo que resulta en una denegaci\u00f3n de servicio (DoS). Nota: En el software Cisco IOS XR, solo el proceso ipsla_ippm_server se recarga inesperadamente y solo cuando se habilitan las depuraciones. Los detalles de la vulnerabilidad del software Cisco IOS XR son los siguientes: Clasificaci\u00f3n de impacto de seguridad (SIR): baja. Puntuaci\u00f3n base CVSS: 3,7. Vector CVSS: CVSS: 3.1/AV: N/AC: H/PR: N/UI: N/S: U/C: N/I: N/A: L."}], "id": "CVE-2025-20154", "lastModified": "2025-05-08T14:39:09.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-05-07T18:15:37.177", "references": [{"source": "[email protected]", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "[email protected]", "type": "Primary"}]}

{}