{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-010.pdf"
    },
    "title": "Critical Vulnerability in Cisco IOS XR Software",
    "serial_number": "2025-010",
    "publish_date": "14-03-2025 16:02:50",
    "description": "On March 13, 2025, CISCO released an advisory regarding a critical vulnerability identified in Cisco\u2019s IOS XR Software.<br>\nIt is recommended to update affected assets as soon as possible.<br>\n",
    "url_title": "2025-010",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Cisco\u00a0IOS\u00a0XR\u00a0Software'\nnumber: '2025-010'\nversion: '1.0'\noriginal_date: '2025-03-13'\ndate: '2025-03-14'\n---\n\n_History:_\n\n* _14/03/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn March 13, 2025, CISCO released an advisory regarding a critical vulnerability identified in Cisco\u2019s IOS XR Software [1].\n\nIt is recommended to update affected assets as soon as possible.\n\n# Technical Details\n\nThe vulnerability\u00a0**CVE-2025-20138**, with a CVSS score of 8.8, stems from insufficient input validation in specific CLI (Command Line Interface) commands within the 64-bit version of Cisco IOS XR Software. Attackers can exploit this by crafting malicious arguments that escalate their privileges to root level. This enables full control over the device, potentially leading to unauthorised command execution, data manipulation, or system destabilisation [2].\n\n# Affected Products\n\nThe following Cisco IOS XR 64-bit Software versions are affected by the vulnerability:\n\n- 24.1 and earlier\n- 24.2 before 24.2.21\n- 24.3\n\n# Recommendations\n\nCERT-EU recommends updating the affected products as soon as possible to the latest version.\n\n## Detection\n\nTo identify if this vulnerability has been exploited, monitor system logs for any unauthorised root-level command executions.\n\n# References\n\n[1] <https://cybersecuritynews.com/cisco-ios-xr-software-vulnerability-command/>\n\n[2] <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF>",
    "content_html": "<p><em>History:</em></p><ul><li><em>14/03/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On March 13, 2025, CISCO released an advisory regarding a critical vulnerability identified in Cisco\u2019s IOS XR Software [1].</p><p>It is recommended to update affected assets as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability\u00a0<strong>CVE-2025-20138</strong>, with a CVSS score of 8.8, stems from insufficient input validation in specific CLI (Command Line Interface) commands within the 64-bit version of Cisco IOS XR Software. Attackers can exploit this by crafting malicious arguments that escalate their privileges to root level. This enables full control over the device, potentially leading to unauthorised command execution, data manipulation, or system destabilisation [2].</p><h2 id=\"affected-products\">Affected Products</h2><p>The following Cisco IOS XR 64-bit Software versions are affected by the vulnerability:</p><ul><li>24.1 and earlier</li><li>24.2 before 24.2.21</li><li>24.3</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating the affected products as soon as possible to the latest version.</p><h3 id=\"detection\">Detection</h3><p>To identify if this vulnerability has been exploited, monitor system logs for any unauthorised root-level command executions.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://cybersecuritynews.com/cisco-ios-xr-software-vulnerability-command/\">https://cybersecuritynews.com/cisco-ios-xr-software-vulnerability-command/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF\">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}