CVE-2025-20138: Cisco IOS XR Software CLI Privilege Escalation Vulnerability

8.8 CVSS

Description

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.

This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.

Classification

CVE ID: CVE-2025-20138

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem Types

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected Products

Vendor: Cisco

Product: Cisco IOS XR Software

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 14.21% (scored less or equal to compared to others)

EPSS Date: 2025-04-10 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-20138
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF
https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/

Timeline

2025-03-12 16:15:28 UTC
Cisco Security Advisory

Cisco IOS XR Software CLI Privilege Escalation Vulnerability
2025-03-12 17:40:22 UTC
CVE

Cisco IOS XR Software CLI Privilege Escalation Vulnerability