Cisco IOS Sig Verif Bypass on Catalyst 2960X 2960XR 2960CX 3560CX
CVE-2025-20181 Published on May 7, 2025
A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to missing signature verification for specific files that may be loaded during the device boot process. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute arbitrary code at boot time. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
Weakness Type
Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Products Associated with CVE-2025-20181
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-20181 are published in Cisco Internetwork Operating System (IOS):
Affected Versions
Cisco IOS:- Version 15.0(1)XO1 is affected.
- Version 15.0(1)XO is affected.
- Version 15.0(2)XO is affected.
- Version 15.0(1)EY is affected.
- Version 15.0(1)EY1 is affected.
- Version 15.0(1)EY2 is affected.
- Version 15.0(2)SE8 is affected.
- Version 15.0(1)EX is affected.
- Version 15.0(2)EX is affected.
- Version 15.0(2)EX1 is affected.
- Version 15.0(2)EX2 is affected.
- Version 15.0(2)EX3 is affected.
- Version 15.0(2)EX4 is affected.
- Version 15.0(2)EX5 is affected.
- Version 15.0(2)EX8 is affected.
- Version 15.0(2a)EX5 is affected.
- Version 15.0(2)EX10 is affected.
- Version 15.0(2)EX11 is affected.
- Version 15.0(2)EX13 is affected.
- Version 15.0(2)EX12 is affected.
- Version 15.2(2)E is affected.
- Version 15.2(3)E is affected.
- Version 15.2(2)E1 is affected.
- Version 15.2(4)E is affected.
- Version 15.2(3)E1 is affected.
- Version 15.2(2)E2 is affected.
- Version 15.2(2a)E1 is affected.
- Version 15.2(2)E3 is affected.
- Version 15.2(2a)E2 is affected.
- Version 15.2(3)E2 is affected.
- Version 15.2(3a)E is affected.
- Version 15.2(3)E3 is affected.
- Version 15.2(4)E1 is affected.
- Version 15.2(2)E4 is affected.
- Version 15.2(2)E5 is affected.
- Version 15.2(4)E2 is affected.
- Version 15.2(3)E4 is affected.
- Version 15.2(5)E is affected.
- Version 15.2(4)E3 is affected.
- Version 15.2(2)E6 is affected.
- Version 15.2(5)E1 is affected.
- Version 15.2(5b)E is affected.
- Version 15.2(2)E5a is affected.
- Version 15.2(2)E5b is affected.
- Version 15.2(4)E4 is affected.
- Version 15.2(2)E7 is affected.
- Version 15.2(5)E2 is affected.
- Version 15.2(6)E is affected.
- Version 15.2(4)E5 is affected.
- Version 15.2(2)E8 is affected.
- Version 15.2(6)E0a is affected.
- Version 15.2(6)E1 is affected.
- Version 15.2(6)E0c is affected.
- Version 15.2(4)E6 is affected.
- Version 15.2(6)E2 is affected.
- Version 15.2(2)E9 is affected.
- Version 15.2(4)E7 is affected.
- Version 15.2(7)E is affected.
- Version 15.2(2)E10 is affected.
- Version 15.2(4)E8 is affected.
- Version 15.2(6)E2a is affected.
- Version 15.2(6)E2b is affected.
- Version 15.2(7)E1 is affected.
- Version 15.2(7)E0a is affected.
- Version 15.2(7)E0b is affected.
- Version 15.2(7)E0s is affected.
- Version 15.2(6)E3 is affected.
- Version 15.2(4)E9 is affected.
- Version 15.2(7)E2 is affected.
- Version 15.2(7a)E0b is affected.
- Version 15.2(4)E10 is affected.
- Version 15.2(7)E3 is affected.
- Version 15.2(7)E1a is affected.
- Version 15.2(7b)E0b is affected.
- Version 15.2(7)E2a is affected.
- Version 15.2(4)E10a is affected.
- Version 15.2(7)E4 is affected.
- Version 15.2(7)E3k is affected.
- Version 15.2(8)E is affected.
- Version 15.2(8)E1 is affected.
- Version 15.2(7)E5 is affected.
- Version 15.2(7)E6 is affected.
- Version 15.2(8)E2 is affected.
- Version 15.2(4)E10d is affected.
- Version 15.2(7)E7 is affected.
- Version 15.2(8)E3 is affected.
- Version 15.2(7)E8 is affected.
- Version 15.2(8)E4 is affected.
- Version 15.2(7)E9 is affected.
- Version 15.2(8)E5 is affected.
- Version 15.2(8)E6 is affected.
- Version 15.2(7)E10 is affected.
- Version 15.2(6)EB is affected.
- Version 15.2(4)EA7 is affected.
- Version 15.2(4)EA8 is affected.
- Version 15.2(4)EA9 is affected.
- Version 15.2(4)EA9a is affected.
- Version 15.0(2)SQD is affected.
- Version 15.0(2)SQD1 is affected.
- Version 15.0(2)SQD2 is affected.
- Version 15.0(2)SQD3 is affected.
- Version 15.0(2)SQD4 is affected.
- Version 15.0(2)SQD5 is affected.
- Version 15.0(2)SQD6 is affected.
- Version 15.0(2)SQD7 is affected.
- Version 15.0(2)SQD8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.