CVE-2025-20177

Cisco IOS XR Software Image Verification Bypass Vulnerability

Description

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

INFO

Published Date :

2025-03-12T16:13:04.362Z

Last Modified :

2026-02-26T19:09:35.194Z

Source :

cisco

AFFECTED PRODUCTS

The following products are affected by CVE-2025-20177 vulnerability.

Vendors	Products
Cisco	8011-4g24y4h-i 8101-32fh 8101-32fh-o 8101-32h-o 8102-28fh-dpu-o 8102-64h 8102-64h-o 8111-32eh-o 8122-64eh-o 8122-64ehf-o 8201 8201-24h8fh 8201-32fh 8201-32fh-o 8202 8202-32fh-m 8212-48fh-m 8404 8501-sys-mt 8608 8700 8711-32fh-m 8712-mod-m 8804 8808 8812 8818 Ios Xr Ios Xr Software Ncs 1010 Ncs 1014 Ncs 540-12z20g-sys-a Ncs 540-12z20g-sys-d Ncs 540-24q2c2dd-sys Ncs 540-24q8l2dd-sys Ncs 540-24z8q2c-sys Ncs 540-28z4c-sys-a Ncs 540-28z4c-sys-d Ncs 540-6z14s-sys-d Ncs 540-6z18g-sys-a Ncs 540-6z18g-sys-d Ncs 540-acc-sys Ncs 540-fh-agg Ncs 540-fh-csr-sys Ncs 540x-12z16g-sys-a Ncs 540x-12z16g-sys-d Ncs 540x-16z4g8q2c-a Ncs 540x-16z4g8q2c-d Ncs 540x-16z8q2c-d Ncs 540x-4z14g2q-a Ncs 540x-4z14g2q-d Ncs 540x-6z18g-sys-a Ncs 540x-6z18g-sys-d Ncs 540x-8z16g-sys-a Ncs 540x-8z16g-sys-d Ncs 540x-acc-sys Ncs 57b1-5dse-sys Ncs 57b1-6d24-sys Ncs 57c1-48q6-sys Ncs 57c3-mod-sys Ncs 57d2-18dd-sys

Vendors

Products

Cisco

8011-4g24y4h-i
8101-32fh
8101-32fh-o
8101-32h-o
8102-28fh-dpu-o
8102-64h
8102-64h-o
8111-32eh-o
8122-64eh-o
8122-64ehf-o
8201
8201-24h8fh
8201-32fh
8201-32fh-o
8202
8202-32fh-m
8212-48fh-m
8404
8501-sys-mt
8608
8700
8711-32fh-m
8712-mod-m
8804
8808
8812
8818
Ios Xr
Ios Xr Software
Ncs 1010
Ncs 1014
Ncs 540-12z20g-sys-a
Ncs 540-12z20g-sys-d
Ncs 540-24q2c2dd-sys
Ncs 540-24q8l2dd-sys
Ncs 540-24z8q2c-sys
Ncs 540-28z4c-sys-a
Ncs 540-28z4c-sys-d
Ncs 540-6z14s-sys-d
Ncs 540-6z18g-sys-a
Ncs 540-6z18g-sys-d
Ncs 540-acc-sys
Ncs 540-fh-agg
Ncs 540-fh-csr-sys
Ncs 540x-12z16g-sys-a
Ncs 540x-12z16g-sys-d
Ncs 540x-16z4g8q2c-a
Ncs 540x-16z4g8q2c-d
Ncs 540x-16z8q2c-d
Ncs 540x-4z14g2q-a
Ncs 540x-4z14g2q-d
Ncs 540x-6z18g-sys-a
Ncs 540x-6z18g-sys-d
Ncs 540x-8z16g-sys-a
Ncs 540x-8z16g-sys-d
Ncs 540x-acc-sys
Ncs 57b1-5dse-sys
Ncs 57b1-6d24-sys
Ncs 57c1-48q6-sys
Ncs 57c3-mod-sys
Ncs 57d2-18dd-sys

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20177.

URL	Resource
https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact