Resource exhaustion in Cisco Ios Xr Software

CVE-2025-20141

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop worki…

EPSS: 0.002 (13.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-20141?
CVE-2025-20141 is a high-severity vulnerability in Cisco Ios Xr Software, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.4/10. Published 2025-03-12.
How severe is CVE-2025-20141?
High severity. CVSS v3 base score is 7.4 out of 10.