ACL Bypass in Cisco Catalyst 1000/2960L Switches via Unsupported ACL+IPSG
CVE-2025-20137 Published on May 7, 2025
A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.

Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.
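Because the switch accepts the unsupported combination without complaint, the practical check is a configuration audit: find every interface that carries both an IPv4 ACL (`ip access-group ... in|out`) and IP Source Guard (`ip verify source`, with or without the `port-security` keyword). The following script is an added example, not Cisco's code or part of the advisory; the running-config it parses is constructed for illustration and the interface names and ACL names in it are made up.

```python
"""Audit a Cisco IOS running-config for interfaces that combine an IPv4 ACL with
IP Source Guard, the unsupported combination described in the advisory above.
Added example; the sample configuration below is constructed, not from a real device."""
import re

SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 description access port with both features (should be flagged)
 switchport access vlan 10
 ip access-group USER-IN in
 ip verify source
!
interface GigabitEthernet1/0/2
 description ACL only
 switchport access vlan 10
 ip access-group USER-IN in
!
interface GigabitEthernet1/0/3
 description IPSG with port-security binding, no ACL
 switchport access vlan 10
 ip verify source port-security
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group VLAN-IN in
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")
# IPv4 ACL applied to an interface; IPv6 uses 'ipv6 traffic-filter' and is out of scope here.
ACL_RE = re.compile(r"^\s*ip access-group\s+(\S+)\s+(in|out)\b")
# IP Source Guard, e.g. 'ip verify source' or 'ip verify source port-security'.
IPSG_RE = re.compile(r"^\s*ip verify source\b")


def parse_interfaces(config: str) -> dict:
    """Return {interface_name: {"acls": [(acl_name, direction), ...], "ipsg": bool}}."""
    interfaces = {}
    current = None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            interfaces[current] = {"acls": [], "ipsg": False}
            continue
        if not line.startswith(" "):
            # An unindented line ('!' or a global command) ends the interface stanza.
            current = None
            continue
        if current is None:
            continue
        m = ACL_RE.match(line)
        if m:
            interfaces[current]["acls"].append((m.group(1), m.group(2)))
        elif IPSG_RE.match(line):
            interfaces[current]["ipsg"] = True
    return interfaces


def find_unsupported(config: str) -> list:
    """Interfaces with both an IPv4 ACL and IP Source Guard, sorted by name."""
    return sorted(
        name for name, cfg in parse_interfaces(config).items()
        if cfg["ipsg"] and cfg["acls"]
    )


if __name__ == "__main__":
    for name in find_unsupported(SAMPLE_CONFIG):
        print(f"UNSUPPORTED: {name} combines ip access-group with ip verify source")
```

Feed it the output of `show running-config` from each Catalyst 1000 or 2960L; every interface it reports is one where the advisory says the configured ACL cannot be relied on, and the only remedy the advisory offers is to stop combining the two features on that interface.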
Vulnerability Analysis
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict, or incorrectly restricts, access to a resource from an unauthorized actor.
CVE-2025-20137 has been classified as an Authorization vulnerability or weakness.
Products Associated with CVE-2025-20137
Affected Versions
Cisco IOS:
- Version 15.2(5a)E is affected.
- Version 15.2(5b)E is affected.
- Version 15.2(5c)E is affected.
- Version 15.2(6)E is affected.
- Version 15.2(6)E1 is affected.
- Version 15.2(6)E0c is affected.
- Version 15.2(6)E2 is affected.
- Version 15.2(7)E is affected.
- Version 15.2(6)E2b is affected.
- Version 15.2(7)E1 is affected.
- Version 15.2(7)E0a is affected.
- Version 15.2(7)E0s is affected.
- Version 15.2(6)E3 is affected.
- Version 15.2(7)E2 is affected.
- Version 15.2(7a)E0b is affected.
- Version 15.2(7)E3 is affected.
- Version 15.2(7)E1a is affected.
- Version 15.2(7b)E0b is affected.
- Version 15.2(7)E4 is affected.
- Version 15.2(7)E3k is affected.
- Version 15.2(8)E is affected.
- Version 15.2(8)E1 is affected.
- Version 15.2(7)E5 is affected.
- Version 15.2(7)E6 is affected.
- Version 15.2(8)E2 is affected.
- Version 15.2(7)E7 is affected.
- Version 15.2(8)E3 is affected.
- Version 15.2(7)E8 is affected.
- Version 15.2(8)E4 is affected.
- Version 15.2(7)E9 is affected.
- Version 15.2(8)E5 is affected.
- Version 15.2(8)E6 is affected.
- Version 15.2(7)E10 is affected.
- Version 15.2(7)E11 is affected.
- Version 15.2(7)E12 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.