Cisco has issued security advisories for multiple vulnerabilities affecting its IOS XR Software, with particular emphasis on a significant memory corruption vulnerability in the Border Gateway Protocol (BGP) confederation implementation.\u00a0<\/p>\n
The vulnerability tracked as CVE-2025-20115, with a CVSS score of 8.6, could allow unauthenticated, remote attackers to cause denial-of-service conditions on affected network infrastructure.<\/p>\n
The BGP confederation vulnerability (cisco-sa-iosxr-bgp-dos-O7stePhX) stems from memory corruption that occurs when a BGP update contains an AS_CONFED_SEQUENCE attribute with 255 autonomous system numbers or more.\u00a0<\/p>\n
This buffer overflow<\/a> vulnerability, classified as CWE-120, represents a significant threat to network stability for organizations using Cisco IOS XR with BGP confederation configured.<\/p>\n According to Cisco\u2019s security advisory released<\/a> on March 12, 2025, an attacker could exploit this vulnerability by sending crafted BGP update<\/a> messages to trigger memory corruption, which may force the BGP process to restart and result in a network-wide denial of service condition.\u00a0<\/p>\n The exploit path requires the attacker to control a BGP confederation speaker within the same autonomous system as the target or requires a network configuration where the AS_CONFED_SEQUENCE attribute naturally grows beyond the threshold size.<\/p>\n The vulnerability affects all Cisco IOS XR Software versions with BGP confederation enabled, including versions 7.11 and earlier, 24.1 and earlier, and 24.2 up to 24.2.20.<\/p>\nCisco IOS XR Software Vulnerability<\/strong><\/h2>\n
![\"\"](\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXdjJJjpmBBudcjRINp1LU1s3EIyZ8xCBF3mbUuFkKN5NnY0YAwqQrCu4NHoFAvAsAqJRXXVf2htfSDQZ3zhZQ3WWXOHPTS0TGs7LrNsjgLzVOo9y3YrIAFZQFcAiUyv9hCxpYBEUg?key=djc-grfImAWHlmSgu8YjZBso\")
<\/figure>\n