Vulnerability Description
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xr | 6.5.1 |
| Cisco | Ncs 1004 | - |
| Cisco | Ncs 1010 | - |
| Cisco | Ncs 1014 | - |
| Cisco | Ncs 540L | - |
Related Weaknesses (CWE)
References
- https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/Not Applicable
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
FAQ
What is CVE-2025-20209?
CVE-2025-20209 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any contr...
How severe is CVE-2025-20209?
CVE-2025-20209 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-20209?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xr, Cisco Ncs 1004, Cisco Ncs 1010, Cisco Ncs 1014, Cisco Ncs 540L.