CVE-2025-20334 — Vulnetix

CVE-2025-20334 PUBLISHED

De multiples vulnérabilités ont été découvertes dans Cisco IOS et IOS XE. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité. Cisco indique que la vulnérabilité CVE-2025-20352 est activement exploitée.

EPSS 0.08% · 22.8th percentile

Risk Scores

EPSS Score

0.08%

22.8th percentile

Affected Products

Vendor	Product	Versions
Cisco	IOS XE
Cisco	IOS

Exploit Intelligence

CIRCL seen: CVE-2025-20334 (circl-sighting)
CIRCL seen: CVE-2025-20334 (circl-sighting)
cisco-sa-ios-xe-cmd-inject-rPJM8BGL (circl)

Timeline

Oct 10, 2024 CVE ID Reserved
Sep 24, 2025 PoC Published
Sep 24, 2025 CVE Published
Sep 25, 2025 EPSS Score
Sep 26, 2025 PoC Published
Oct 2, 2025 EPSS Score
Oct 3, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score
Oct 9, 2025 EPSS Score
Oct 15, 2025 EPSS Score
Oct 22, 2025 EPSS Score
Oct 29, 2025 EPSS Score

References

https://cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0818/ advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-PtmD7bgy advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-tacacs-hdB7thJw advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-invalid-url-dos-Nvxszf6u advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nbar-dos-LAvwTmeT advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secboot-UqFD8AvC advisory

Open in Interactive Console →