6.7
CVE-2025-20313
- EPSS 0.06%
- Published 24.09.2025 18:15:35
- Last modified 26.09.2025 14:32:53
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. ERP
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorCisco
≫
Product
Cisco IOS XE Software
Version
17.3.1
Status
affected
Version
17.3.2
Status
affected
Version
17.3.3
Status
affected
Version
17.3.1a
Status
affected
Version
17.3.1w
Status
affected
Version
17.3.2a
Status
affected
Version
17.3.1x
Status
affected
Version
17.3.1z
Status
affected
Version
17.3.4
Status
affected
Version
17.3.5
Status
affected
Version
17.3.4a
Status
affected
Version
17.3.6
Status
affected
Version
17.3.4b
Status
affected
Version
17.3.4c
Status
affected
Version
17.3.5a
Status
affected
Version
17.3.5b
Status
affected
Version
17.3.7
Status
affected
Version
17.3.8
Status
affected
Version
17.3.8a
Status
affected
Version
17.4.1
Status
affected
Version
17.4.2
Status
affected
Version
17.4.1a
Status
affected
Version
17.4.1b
Status
affected
Version
17.4.2a
Status
affected
Version
17.5.1
Status
affected
Version
17.5.1a
Status
affected
Version
17.6.1
Status
affected
Version
17.6.2
Status
affected
Version
17.6.1w
Status
affected
Version
17.6.1a
Status
affected
Version
17.6.1x
Status
affected
Version
17.6.3
Status
affected
Version
17.6.1y
Status
affected
Version
17.6.1z
Status
affected
Version
17.6.3a
Status
affected
Version
17.6.4
Status
affected
Version
17.6.1z1
Status
affected
Version
17.6.5
Status
affected
Version
17.6.6
Status
affected
Version
17.6.6a
Status
affected
Version
17.6.5a
Status
affected
Version
17.6.7
Status
affected
Version
17.6.8
Status
affected
Version
17.6.8a
Status
affected
Version
17.7.1
Status
affected
Version
17.7.1a
Status
affected
Version
17.7.1b
Status
affected
Version
17.7.2
Status
affected
Version
17.10.1
Status
affected
Version
17.10.1a
Status
affected
Version
17.10.1b
Status
affected
Version
17.8.1
Status
affected
Version
17.8.1a
Status
affected
Version
17.9.1
Status
affected
Version
17.9.1w
Status
affected
Version
17.9.2
Status
affected
Version
17.9.1a
Status
affected
Version
17.9.1x
Status
affected
Version
17.9.1y
Status
affected
Version
17.9.3
Status
affected
Version
17.9.2a
Status
affected
Version
17.9.1x1
Status
affected
Version
17.9.3a
Status
affected
Version
17.9.4
Status
affected
Version
17.9.1y1
Status
affected
Version
17.9.5
Status
affected
Version
17.9.4a
Status
affected
Version
17.9.5a
Status
affected
Version
17.9.5b
Status
affected
Version
17.9.6
Status
affected
Version
17.9.6a
Status
affected
Version
17.9.7
Status
affected
Version
17.9.5e
Status
affected
Version
17.9.5f
Status
affected
Version
17.9.7a
Status
affected
Version
17.9.7b
Status
affected
Version
17.11.1
Status
affected
Version
17.11.1a
Status
affected
Version
17.12.1
Status
affected
Version
17.12.1w
Status
affected
Version
17.12.1a
Status
affected
Version
17.12.1x
Status
affected
Version
17.12.2
Status
affected
Version
17.12.3
Status
affected
Version
17.12.2a
Status
affected
Version
17.12.1y
Status
affected
Version
17.12.1z
Status
affected
Version
17.12.4
Status
affected
Version
17.12.3a
Status
affected
Version
17.12.1z1
Status
affected
Version
17.12.1z2
Status
affected
Version
17.12.4a
Status
affected
Version
17.12.5
Status
affected
Version
17.12.4b
Status
affected
Version
17.12.1z3
Status
affected
Version
17.12.5a
Status
affected
Version
17.12.1z4
Status
affected
Version
17.12.5b
Status
affected
Version
17.12.5c
Status
affected
Version
17.13.1
Status
affected
Version
17.13.1a
Status
affected
Version
17.14.1
Status
affected
Version
17.14.1a
Status
affected
Version
17.15.1
Status
affected
Version
17.15.1w
Status
affected
Version
17.15.1a
Status
affected
Version
17.15.2
Status
affected
Version
17.15.1b
Status
affected
Version
17.15.1x
Status
affected
Version
17.15.1z
Status
affected
Version
17.15.3
Status
affected
Version
17.15.2c
Status
affected
Version
17.15.2a
Status
affected
Version
17.15.1y
Status
affected
Version
17.15.2b
Status
affected
Version
17.15.3a
Status
affected
Version
17.15.3b
Status
affected
Version
17.16.1
Status
affected
Version
17.16.1a
Status
affected
Version
17.17.1
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.174 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@cisco.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-35 Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.