Cisco IOS XE CLI PrivEsc via Insufficient Input Validation
CVE-2025-20200 Published on May 7, 2025

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system of an affected device. The security impact rating (SIR) of this advisory has been raised to High because an attacker could gain access to the underlying operating system of the affected device and perform potentially undetected actions. Note: The attacker must have privileges to enter configuration mode on the affected device. This is usually referred to as privilege level 15.

NVD

Vulnerability Analysis

CVE-2025-20200 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Improper Check for Unusual or Exceptional Conditions

The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

Products Associated with CVE-2025-20200

Want to know whenever a new CVE is published for Cisco IOS XE? stack.watch will email you.

Cisco IOS XE

Affected Versions

Cisco IOS XE Software:

Version 3.7.0S is affected.
Version 3.7.1S is affected.
Version 3.7.2S is affected.
Version 3.7.3S is affected.
Version 3.7.4S is affected.
Version 3.7.5S is affected.
Version 3.7.6S is affected.
Version 3.7.7S is affected.
Version 3.7.4aS is affected.
Version 3.7.2tS is affected.
Version 3.7.0bS is affected.
Version 3.7.1aS is affected.
Version 3.3.0SG is affected.
Version 3.3.2SG is affected.
Version 3.3.1SG is affected.
Version 3.8.0S is affected.
Version 3.8.1S is affected.
Version 3.8.2S is affected.
Version 3.9.1S is affected.
Version 3.9.0S is affected.
Version 3.9.2S is affected.
Version 3.9.1aS is affected.
Version 3.9.0aS is affected.
Version 3.2.0SE is affected.
Version 3.2.1SE is affected.
Version 3.2.2SE is affected.
Version 3.2.3SE is affected.
Version 3.3.0SE is affected.
Version 3.3.1SE is affected.
Version 3.3.2SE is affected.
Version 3.3.3SE is affected.
Version 3.3.4SE is affected.
Version 3.3.5SE is affected.
Version 3.4.0SG is affected.
Version 3.4.2SG is affected.
Version 3.4.1SG is affected.
Version 3.4.3SG is affected.
Version 3.4.4SG is affected.
Version 3.4.5SG is affected.
Version 3.4.6SG is affected.
Version 3.4.7SG is affected.
Version 3.4.8SG is affected.
Version 3.5.0E is affected.
Version 3.5.1E is affected.
Version 3.5.2E is affected.
Version 3.5.3E is affected.
Version 3.11.1S is affected.
Version 3.11.2S is affected.
Version 3.11.0S is affected.
Version 3.11.3S is affected.
Version 3.11.4S is affected.
Version 3.12.0S is affected.
Version 3.12.1S is affected.
Version 3.12.2S is affected.
Version 3.12.3S is affected.
Version 3.12.0aS is affected.
Version 3.12.4S is affected.
Version 3.13.0S is affected.
Version 3.13.1S is affected.
Version 3.13.2S is affected.
Version 3.13.3S is affected.
Version 3.13.4S is affected.
Version 3.13.5S is affected.
Version 3.13.2aS is affected.
Version 3.13.0aS is affected.
Version 3.13.5aS is affected.
Version 3.13.6S is affected.
Version 3.13.7S is affected.
Version 3.13.6aS is affected.
Version 3.13.7aS is affected.
Version 3.13.8S is affected.
Version 3.13.9S is affected.
Version 3.13.10S is affected.
Version 3.6.0E is affected.
Version 3.6.1E is affected.
Version 3.6.2aE is affected.
Version 3.6.2E is affected.
Version 3.6.3E is affected.
Version 3.6.4E is affected.
Version 3.6.5E is affected.
Version 3.6.6E is affected.
Version 3.6.5aE is affected.
Version 3.6.5bE is affected.
Version 3.6.7E is affected.
Version 3.6.8E is affected.
Version 3.6.7bE is affected.
Version 3.6.9E is affected.
Version 3.6.10E is affected.
Version 3.14.0S is affected.
Version 3.14.1S is affected.
Version 3.14.2S is affected.
Version 3.14.3S is affected.
Version 3.14.4S is affected.
Version 3.15.0S is affected.
Version 3.15.1S is affected.
Version 3.15.2S is affected.
Version 3.15.1cS is affected.
Version 3.15.3S is affected.
Version 3.15.4S is affected.
Version 3.7.0E is affected.
Version 3.7.1E is affected.
Version 3.7.2E is affected.
Version 3.7.3E is affected.
Version 3.7.4E is affected.
Version 3.7.5E is affected.
Version 3.16.0S is affected.
Version 3.16.1S is affected.
Version 3.16.1aS is affected.
Version 3.16.2S is affected.
Version 3.16.2aS is affected.
Version 3.16.0cS is affected.
Version 3.16.3S is affected.
Version 3.16.2bS is affected.
Version 3.16.3aS is affected.
Version 3.16.4S is affected.
Version 3.16.4aS is affected.
Version 3.16.4bS is affected.
Version 3.16.5S is affected.
Version 3.16.4dS is affected.
Version 3.16.6S is affected.
Version 3.16.7S is affected.
Version 3.16.6bS is affected.
Version 3.16.7aS is affected.
Version 3.16.7bS is affected.
Version 3.16.8S is affected.
Version 3.16.9S is affected.
Version 3.16.10S is affected.
Version 3.17.0S is affected.
Version 3.17.1S is affected.
Version 3.17.2S is affected.
Version 3.17.1aS is affected.
Version 3.17.3S is affected.
Version 3.17.4S is affected.
Version 16.1.1 is affected.
Version 16.1.2 is affected.
Version 16.1.3 is affected.
Version 16.2.1 is affected.
Version 16.2.2 is affected.
Version 3.8.0E is affected.
Version 3.8.1E is affected.
Version 3.8.2E is affected.
Version 3.8.3E is affected.
Version 3.8.4E is affected.
Version 3.8.5E is affected.
Version 3.8.5aE is affected.
Version 3.8.6E is affected.
Version 3.8.7E is affected.
Version 3.8.8E is affected.
Version 3.8.9E is affected.
Version 3.8.10E is affected.
Version 16.3.1 is affected.
Version 16.3.2 is affected.
Version 16.3.3 is affected.
Version 16.3.1a is affected.
Version 16.3.4 is affected.
Version 16.3.5 is affected.
Version 16.3.5b is affected.
Version 16.3.6 is affected.
Version 16.3.7 is affected.
Version 16.3.8 is affected.
Version 16.3.9 is affected.
Version 16.3.10 is affected.
Version 16.3.11 is affected.
Version 16.4.1 is affected.
Version 16.4.2 is affected.
Version 16.4.3 is affected.
Version 16.5.1 is affected.
Version 16.5.1a is affected.
Version 16.5.1b is affected.
Version 16.5.2 is affected.
Version 16.5.3 is affected.
Version 3.18.0aS is affected.
Version 3.18.0S is affected.
Version 3.18.1S is affected.
Version 3.18.2S is affected.
Version 3.18.3S is affected.
Version 3.18.4S is affected.
Version 3.18.0SP is affected.
Version 3.18.1SP is affected.
Version 3.18.1aSP is affected.
Version 3.18.1bSP is affected.
Version 3.18.1cSP is affected.
Version 3.18.2SP is affected.
Version 3.18.2aSP is affected.
Version 3.18.3SP is affected.
Version 3.18.4SP is affected.
Version 3.18.3aSP is affected.
Version 3.18.3bSP is affected.
Version 3.18.5SP is affected.
Version 3.18.6SP is affected.
Version 3.18.7SP is affected.
Version 3.18.8aSP is affected.
Version 3.18.9SP is affected.
Version 3.9.0E is affected.
Version 3.9.1E is affected.
Version 3.9.2E is affected.
Version 16.6.1 is affected.
Version 16.6.2 is affected.
Version 16.6.3 is affected.
Version 16.6.4 is affected.
Version 16.6.5 is affected.
Version 16.6.4a is affected.
Version 16.6.5a is affected.
Version 16.6.6 is affected.
Version 16.6.7 is affected.
Version 16.6.8 is affected.
Version 16.6.9 is affected.
Version 16.6.10 is affected.
Version 16.7.1 is affected.
Version 16.7.1a is affected.
Version 16.7.1b is affected.
Version 16.7.2 is affected.
Version 16.7.3 is affected.
Version 16.7.4 is affected.
Version 16.8.1 is affected.
Version 16.8.1a is affected.
Version 16.8.1b is affected.
Version 16.8.1s is affected.
Version 16.8.1c is affected.
Version 16.8.1d is affected.
Version 16.8.2 is affected.
Version 16.8.1e is affected.
Version 16.8.3 is affected.
Version 16.9.1 is affected.
Version 16.9.2 is affected.
Version 16.9.1a is affected.
Version 16.9.1b is affected.
Version 16.9.1s is affected.
Version 16.9.3 is affected.
Version 16.9.4 is affected.
Version 16.9.3a is affected.
Version 16.9.5 is affected.
Version 16.9.5f is affected.
Version 16.9.6 is affected.
Version 16.9.7 is affected.
Version 16.9.8 is affected.
Version 16.10.1 is affected.
Version 16.10.1a is affected.
Version 16.10.1b is affected.
Version 16.10.1s is affected.
Version 16.10.1c is affected.
Version 16.10.1e is affected.
Version 16.10.1d is affected.
Version 16.10.2 is affected.
Version 16.10.1f is affected.
Version 16.10.1g is affected.
Version 16.10.3 is affected.
Version 3.10.0E is affected.
Version 3.10.1E is affected.
Version 3.10.0cE is affected.
Version 3.10.2E is affected.
Version 3.10.3E is affected.
Version 16.11.1 is affected.
Version 16.11.1a is affected.
Version 16.11.1b is affected.
Version 16.11.2 is affected.
Version 16.11.1s is affected.
Version 16.12.1 is affected.
Version 16.12.1s is affected.
Version 16.12.1a is affected.
Version 16.12.1c is affected.
Version 16.12.1w is affected.
Version 16.12.2 is affected.
Version 16.12.1y is affected.
Version 16.12.2a is affected.
Version 16.12.3 is affected.
Version 16.12.8 is affected.
Version 16.12.2s is affected.
Version 16.12.1x is affected.
Version 16.12.1t is affected.
Version 16.12.4 is affected.
Version 16.12.3s is affected.
Version 16.12.3a is affected.
Version 16.12.4a is affected.
Version 16.12.5 is affected.
Version 16.12.6 is affected.
Version 16.12.1z1 is affected.
Version 16.12.5a is affected.
Version 16.12.5b is affected.
Version 16.12.1z2 is affected.
Version 16.12.6a is affected.
Version 16.12.7 is affected.
Version 16.12.9 is affected.
Version 16.12.10 is affected.
Version 16.12.10a is affected.
Version 16.12.11 is affected.
Version 16.12.12 is affected.
Version 3.11.0E is affected.
Version 3.11.1E is affected.
Version 3.11.2E is affected.
Version 3.11.3E is affected.
Version 3.11.1aE is affected.
Version 3.11.4E is affected.
Version 3.11.3aE is affected.
Version 3.11.5E is affected.
Version 3.11.6E is affected.
Version 3.11.7E is affected.
Version 3.11.8E is affected.
Version 3.11.9E is affected.
Version 3.11.10E is affected.
Version 3.11.11E is affected.
Version 17.1.1 is affected.
Version 17.1.1a is affected.
Version 17.1.1s is affected.
Version 17.1.1t is affected.
Version 17.1.3 is affected.
Version 17.2.1 is affected.
Version 17.2.1r is affected.
Version 17.2.1a is affected.
Version 17.2.1v is affected.
Version 17.2.2 is affected.
Version 17.2.3 is affected.
Version 17.3.1 is affected.
Version 17.3.2 is affected.
Version 17.3.3 is affected.
Version 17.3.1a is affected.
Version 17.3.1w is affected.
Version 17.3.2a is affected.
Version 17.3.1x is affected.
Version 17.3.1z is affected.
Version 17.3.4 is affected.
Version 17.3.5 is affected.
Version 17.3.4a is affected.
Version 17.3.6 is affected.
Version 17.3.4b is affected.
Version 17.3.4c is affected.
Version 17.3.5a is affected.
Version 17.3.5b is affected.
Version 17.3.7 is affected.
Version 17.3.8 is affected.
Version 17.3.8a is affected.
Version 17.4.1 is affected.
Version 17.4.2 is affected.
Version 17.4.1a is affected.
Version 17.4.1b is affected.
Version 17.4.2a is affected.
Version 17.5.1 is affected.
Version 17.5.1a is affected.
Version 17.6.1 is affected.
Version 17.6.2 is affected.
Version 17.6.1w is affected.
Version 17.6.1a is affected.
Version 17.6.1x is affected.
Version 17.6.3 is affected.
Version 17.6.1y is affected.
Version 17.6.1z is affected.
Version 17.6.3a is affected.
Version 17.6.4 is affected.
Version 17.6.1z1 is affected.
Version 17.6.5 is affected.
Version 17.6.6 is affected.
Version 17.6.6a is affected.
Version 17.6.5a is affected.
Version 17.6.7 is affected.
Version 17.6.8 is affected.
Version 17.6.8a is affected.
Version 17.7.1 is affected.
Version 17.7.1a is affected.
Version 17.7.1b is affected.
Version 17.7.2 is affected.
Version 17.10.1 is affected.
Version 17.10.1a is affected.
Version 17.10.1b is affected.
Version 17.8.1 is affected.
Version 17.8.1a is affected.
Version 17.9.1 is affected.
Version 17.9.1w is affected.
Version 17.9.2 is affected.
Version 17.9.1a is affected.
Version 17.9.1x is affected.
Version 17.9.1y is affected.
Version 17.9.3 is affected.
Version 17.9.2a is affected.
Version 17.9.1x1 is affected.
Version 17.9.3a is affected.
Version 17.9.4 is affected.
Version 17.9.1y1 is affected.
Version 17.9.5 is affected.
Version 17.9.4a is affected.
Version 17.9.5a is affected.
Version 17.9.5b is affected.
Version 17.9.6 is affected.
Version 17.9.6a is affected.
Version 17.9.5e is affected.
Version 17.9.5f is affected.
Version 17.11.1 is affected.
Version 17.11.1a is affected.
Version 17.12.1 is affected.
Version 17.12.1w is affected.
Version 17.12.1a is affected.
Version 17.12.1x is affected.
Version 17.12.2 is affected.
Version 17.12.3 is affected.
Version 17.12.2a is affected.
Version 17.12.1y is affected.
Version 17.12.1z is affected.
Version 17.12.4 is affected.
Version 17.12.3a is affected.
Version 17.12.1z1 is affected.
Version 17.12.4a is affected.
Version 17.12.4b is affected.
Version 17.13.1 is affected.
Version 17.13.1a is affected.
Version 17.14.1 is affected.
Version 17.14.1a is affected.
Version 17.11.99SW is affected.
Version 17.15.1 is affected.
Version 17.15.1w is affected.
Version 17.15.1a is affected.
Version 17.15.1b is affected.

Exploit Probability

EPSS

0.08%

Percentile

23.98%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.