VDB
CVE-2025-20149
CVE-2025-20149
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
EPSS 0.03% · 10.0th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.03%
10.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | IOS | *, 15.2(1)SY6, 15.2(1)SY7 |
| Cisco | Cisco IOS XE Software | 3.7.1S, 3.7.2S, 3.7.3S |
Exploit Intelligence
- CIRCL seen: CVE-2025-20149 (circl-sighting)
- CIRCL seen: CVE-2025-20149 (circl-sighting)
- cisco-sa-ios-cli-EB7cZ6yO (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Sep 24, 2025 CVE Published
- Sep 24, 2025 CVE Updated
- Sep 25, 2025 EPSS Score
- Sep 25, 2025 PoC Published
- Sep 26, 2025 PoC Published
- Oct 2, 2025 EPSS Score
- Oct 3, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 9, 2025 EPSS Score
- Oct 15, 2025 EPSS Score
- Oct 22, 2025 EPSS Score