Cisco IOS XE Local Auth Bypass via Path Traversal & Image Validation
CVE-2025-20313 Published on September 24, 2025
Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. ERP
Vulnerability Analysis
CVE-2025-20313 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Path Traversal: '.../...//'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Products Associated with CVE-2025-20313
Want to know whenever a new CVE is published for Cisco IOS XE? stack.watch will email you.
Affected Versions
Cisco IOS XE Software:- Version 17.3.1 is affected.
- Version 17.3.2 is affected.
- Version 17.3.3 is affected.
- Version 17.3.1a is affected.
- Version 17.3.1w is affected.
- Version 17.3.2a is affected.
- Version 17.3.1x is affected.
- Version 17.3.1z is affected.
- Version 17.3.4 is affected.
- Version 17.3.5 is affected.
- Version 17.3.4a is affected.
- Version 17.3.6 is affected.
- Version 17.3.4b is affected.
- Version 17.3.4c is affected.
- Version 17.3.5a is affected.
- Version 17.3.5b is affected.
- Version 17.3.7 is affected.
- Version 17.3.8 is affected.
- Version 17.3.8a is affected.
- Version 17.4.1 is affected.
- Version 17.4.2 is affected.
- Version 17.4.1a is affected.
- Version 17.4.1b is affected.
- Version 17.4.2a is affected.
- Version 17.5.1 is affected.
- Version 17.5.1a is affected.
- Version 17.6.1 is affected.
- Version 17.6.2 is affected.
- Version 17.6.1w is affected.
- Version 17.6.1a is affected.
- Version 17.6.1x is affected.
- Version 17.6.3 is affected.
- Version 17.6.1y is affected.
- Version 17.6.1z is affected.
- Version 17.6.3a is affected.
- Version 17.6.4 is affected.
- Version 17.6.1z1 is affected.
- Version 17.6.5 is affected.
- Version 17.6.6 is affected.
- Version 17.6.6a is affected.
- Version 17.6.5a is affected.
- Version 17.6.7 is affected.
- Version 17.6.8 is affected.
- Version 17.6.8a is affected.
- Version 17.7.1 is affected.
- Version 17.7.1a is affected.
- Version 17.7.1b is affected.
- Version 17.7.2 is affected.
- Version 17.10.1 is affected.
- Version 17.10.1a is affected.
- Version 17.10.1b is affected.
- Version 17.8.1 is affected.
- Version 17.8.1a is affected.
- Version 17.9.1 is affected.
- Version 17.9.1w is affected.
- Version 17.9.2 is affected.
- Version 17.9.1a is affected.
- Version 17.9.1x is affected.
- Version 17.9.1y is affected.
- Version 17.9.3 is affected.
- Version 17.9.2a is affected.
- Version 17.9.1x1 is affected.
- Version 17.9.3a is affected.
- Version 17.9.4 is affected.
- Version 17.9.1y1 is affected.
- Version 17.9.5 is affected.
- Version 17.9.4a is affected.
- Version 17.9.5a is affected.
- Version 17.9.5b is affected.
- Version 17.9.6 is affected.
- Version 17.9.6a is affected.
- Version 17.9.7 is affected.
- Version 17.9.5e is affected.
- Version 17.9.5f is affected.
- Version 17.9.7a is affected.
- Version 17.9.7b is affected.
- Version 17.11.1 is affected.
- Version 17.11.1a is affected.
- Version 17.12.1 is affected.
- Version 17.12.1w is affected.
- Version 17.12.1a is affected.
- Version 17.12.1x is affected.
- Version 17.12.2 is affected.
- Version 17.12.3 is affected.
- Version 17.12.2a is affected.
- Version 17.12.1y is affected.
- Version 17.12.1z is affected.
- Version 17.12.4 is affected.
- Version 17.12.3a is affected.
- Version 17.12.1z1 is affected.
- Version 17.12.1z2 is affected.
- Version 17.12.4a is affected.
- Version 17.12.5 is affected.
- Version 17.12.4b is affected.
- Version 17.12.1z3 is affected.
- Version 17.12.5a is affected.
- Version 17.12.1z4 is affected.
- Version 17.12.5b is affected.
- Version 17.12.5c is affected.
- Version 17.13.1 is affected.
- Version 17.13.1a is affected.
- Version 17.14.1 is affected.
- Version 17.14.1a is affected.
- Version 17.15.1 is affected.
- Version 17.15.1w is affected.
- Version 17.15.1a is affected.
- Version 17.15.2 is affected.
- Version 17.15.1b is affected.
- Version 17.15.1x is affected.
- Version 17.15.3 is affected.
- Version 17.15.2c is affected.
- Version 17.15.2a is affected.
- Version 17.15.1y is affected.
- Version 17.15.2b is affected.
- Version 17.15.3a is affected.
- Version 17.15.3b is affected.
- Version 17.16.1 is affected.
- Version 17.16.1a is affected.
- Version 17.17.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.