InfoSecBulletin Cybersecurity for mankind
Cisco has issued a security advisory for a high-severity vulnerability in its IOS XR Software, labeled CVE-2025-20138, with a CVSS score of 8.8, which signifies a serious risk.
The vulnerability in the Command Line Interface (CLI) of Cisco IOS XR Software allows an authenticated local attacker to execute arbitrary commands as root on the affected device’s operating system.
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.
This vulnerability affects Cisco IOS XR 64-bit Software, regardless of device configuration. To determine if a specific Cisco software release is vulnerable, users are advised to consult the “Fixed Software” section of the advisory.
The following products are not affected by this vulnerability:
IOS Software
IOS XE Software
IOS XR 32-bit Software
NX-OS Software
Cisco has confirmed there are no workarounds for this vulnerability. The only solution is to install the required software updates.
Cisco has released software updates to fix a critical vulnerability. Customers should upgrade to the fixed software version promptly.
