InfoSecBulletin Cybersecurity for mankind
Cisco has issued a security advisory for a high-severity vulnerability in its IOS XR Software, labeled CVE-2025-20138, with a CVSS score of 8.8, which signifies a serious risk.
The vulnerability in the Command Line Interface (CLI) of Cisco IOS XR Software allows an authenticated local attacker to execute arbitrary commands as root on the affected device’s operating system.
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.
This vulnerability affects Cisco IOS XR 64-bit Software, regardless of device configuration. To determine if a specific Cisco software release is vulnerable, users are advised to consult the “Fixed Software” section of the advisory.
The following products are not affected by this vulnerability:
IOS Software
IOS XE Software
IOS XR 32-bit Software
NX-OS Software
Cisco has confirmed there are no workarounds for this vulnerability. The only solution is to install the required software updates.
Cisco has released software updates to fix a critical vulnerability. Customers should upgrade to the fixed software version promptly.
