Cisco IOS XR ACL Bypass Vulnerability (CVE-2025-20144)
CVE-2025-20144 Published on March 12, 2025
Cisco IOS XR Software Access Control List Bypass Vulnerability
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.
For more information, see the section of this advisory.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
Vulnerability Analysis
CVE-2025-20144 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-20144 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2025-20144
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-20144 are published in Cisco Ios Xr:
Affected Versions
Cisco IOS XR Software:- Version 6.5.3 is affected.
- Version 6.5.2 is affected.
- Version 6.5.92 is affected.
- Version 6.5.1 is affected.
- Version 6.6.2 is affected.
- Version 7.0.1 is affected.
- Version 6.6.25 is affected.
- Version 6.6.1 is affected.
- Version 6.5.93 is affected.
- Version 7.1.1 is affected.
- Version 7.0.90 is affected.
- Version 6.6.3 is affected.
- Version 7.0.2 is affected.
- Version 7.2.1 is affected.
- Version 7.1.2 is affected.
- Version 6.6.4 is affected.
- Version 7.3.1 is affected.
- Version 7.4.1 is affected.
- Version 7.2.2 is affected.
- Version 7.3.2 is affected.
- Version 7.5.1 is affected.
- Version 7.6.1 is affected.
- Version 7.5.2 is affected.
- Version 7.7.1 is affected.
- Version 7.3.3 is affected.
- Version 7.4.2 is affected.
- Version 7.3.4 is affected.
- Version 7.6.2 is affected.
- Version 7.8.1 is affected.
- Version 7.5.3 is affected.
- Version 7.7.2 is affected.
- Version 7.9.1 is affected.
- Version 7.8.2 is affected.
- Version 7.5.4 is affected.
- Version 7.8.22 is affected.
- Version 7.10.1 is affected.
- Version 7.7.21 is affected.
- Version 7.9.2 is affected.
- Version 7.3.5 is affected.
- Version 7.5.5 is affected.
- Version 7.11.1 is affected.
- Version 7.10.2 is affected.
- Version 7.3.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.