---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: The Cybersecurity Service for the Union institutions, bodies, offices and agencies
title: 'Critical Vulnerability in Cisco IOS XR Software'
number: '2025-010'
version: '1.0'
original_date: '2025-03-13'
date: '2025-03-14'
---

_History:_

* _14/03/2025 --- v1.0 -- Initial publication_

# Summary

On March 13, 2025, Cisco released an advisory regarding a critical vulnerability identified in Cisco's IOS XR Software [1]. It is recommended to update affected assets as soon as possible.

# Technical Details

The vulnerability **CVE-2025-20138**, with a CVSS score of 8.8, stems from insufficient input validation in specific CLI (Command Line Interface) commands within the 64-bit version of Cisco IOS XR Software. Attackers can exploit this by crafting malicious arguments that escalate their privileges to root level. This enables full control over the device, potentially leading to unauthorised command execution, data manipulation, or system destabilisation [2].

# Affected Products

The following Cisco IOS XR 64-bit Software versions are affected by the vulnerability:

- 24.1 and earlier
- 24.2 before 24.2.21
- 24.3

# Recommendations

CERT-EU recommends updating the affected products as soon as possible to the latest version.

## Detection

To identify if this vulnerability has been exploited, monitor system logs for any unauthorised root-level command executions.

# References

[1]

[2]
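To turn the Affected Products list above into a repeatable inventory check, the following added example (not part of the CERT-EU advisory or Cisco's own tooling) encodes the three listed ranges for 64-bit IOS XR and triages a constructed device inventory; hostnames and version strings in the sample are made up for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges exactly as listed in the advisory (Cisco IOS XR 64-bit Software):
#   - 24.1 and earlier
#   - 24.2 before 24.2.21
#   - 24.3
# Anything outside these ranges is reported as "not affected" by this list only;
# it is not a statement about releases the advisory does not mention.

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, Optional[int]]:
    """Parse 'major.minor[.patch]' into a tuple; raise ValueError on unexpected input."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised IOS XR version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)


def is_affected(version: str) -> bool:
    """Return True if a 64-bit IOS XR version falls inside one of the listed ranges."""
    major, minor, patch = parse_version(version)
    if (major, minor) <= (24, 1):
        return True                          # 24.1 and earlier
    if (major, minor) == (24, 2):
        # A bare "24.2" carries no patch level; treat it as before 24.2.21.
        return patch is None or patch < 21   # 24.2 before 24.2.21
    if (major, minor) == (24, 3):
        return True                          # 24.3 (no fixed release listed)
    return False


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Return the subset of hostname -> version pairs that need an upgrade."""
    return {host: ver for host, ver in inventory.items() if is_affected(ver)}


# Constructed sample inventory for illustration only.
SAMPLE_INVENTORY = {
    "rtr-edge-01": "7.11.2",
    "rtr-core-01": "24.2.20",
    "rtr-core-02": "24.2.21",
    "rtr-agg-03": "24.3.1",
    "rtr-lab-09": "24.4.1",
}

if __name__ == "__main__":
    for host, ver in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {ver} -> affected, schedule upgrade")
```

The check covers only the 64-bit IOS XR ranges the advisory names; confirm the platform variant before acting on its output.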