CVE-2025-20262
A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes.
EPSS 0.17% · 38.0th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco NX-OS Software | 9.2(3), 9.2(2v), 9.2(2t) |
Exploit Intelligence
- CIRCL seen: CVE-2025-20262 (circl-sighting)
- cisco-sa-nxospc-pim6-vG4jFPh (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Aug 27, 2025 Coalition ESS Score
- Aug 27, 2025 CVE Published
- Aug 27, 2025 CVE Updated
- Aug 28, 2025 EPSS Score
- Sep 1, 2025 Coalition ESS Score
- Sep 5, 2025 EPSS Score
- Sep 13, 2025 EPSS Score
- Sep 20, 2025 EPSS Score
- Sep 28, 2025 EPSS Score
- Oct 3, 2025 Coalition ESS Score
- Oct 6, 2025 EPSS Score