InfoSecBulletin Cybersecurity for mankind
Cisco has issued a security advisory for a high-severity vulnerability in its IOS XR Software, labeled CVE-2025-20138, with a CVSS score of 8.8, which signifies a serious risk.
The vulnerability in the Command Line Interface (CLI) of Cisco IOS XR Software allows an authenticated local attacker to execute arbitrary commands as root on the affected device’s operating system.
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
CISA Adds 3 Ivanti Endpoint Manager Bugs to KEV
Ransomware Attacks Set Records in February: New Data Shows
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.
This vulnerability affects Cisco IOS XR 64-bit Software, regardless of device configuration. To determine if a specific Cisco software release is vulnerable, users are advised to consult the “Fixed Software” section of the advisory.
The following products are not affected by this vulnerability:
IOS Software
IOS XE Software
IOS XR 32-bit Software
NX-OS Software
Cisco has confirmed there are no workarounds for this vulnerability. The only solution is to install the required software updates.
Cisco has released software updates to fix a critical vulnerability. Customers should upgrade to the fixed software version promptly.
