InfoSecBulletin Cybersecurity for mankind
Cisco has issued a security advisory for a high-severity vulnerability in its IOS XR Software, labeled CVE-2025-20138, with a CVSS score of 8.8, which signifies a serious risk.
The vulnerability in the Command Line Interface (CLI) of Cisco IOS XR Software allows an authenticated local attacker to execute arbitrary commands as root on the affected device’s operating system.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.
This vulnerability affects Cisco IOS XR 64-bit Software, regardless of device configuration. To determine if a specific Cisco software release is vulnerable, users are advised to consult the “Fixed Software” section of the advisory.
The following products are not affected by this vulnerability:
IOS Software
IOS XE Software
IOS XR 32-bit Software
NX-OS Software
Cisco has confirmed there are no workarounds for this vulnerability. The only solution is to install the required software updates.
Cisco has released software updates to fix a critical vulnerability. Customers should upgrade to the fixed software version promptly.
