What is CVE-2025-20154?

CVE-2025-20154 is a high-severity vulnerability in Cisco Ios Xr Software, classified under Improper Input Validation. CVSS score: 8.6/10. Published 2025-05-07.

How severe is CVE-2025-20154?

High severity. CVSS v3 base score is 8.6 out of 10.

Improper input validation in Cisco Ios Xr Software

CVE-2025-20154

A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (64.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H.

Affected products

Cisco Ios Xr Software — versions 6.5.3, 6.5.29, 6.5.1

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cisco-sa-twamp-kV4FHugn

Frequently asked questions

What is CVE-2025-20154?: CVE-2025-20154 is a high-severity vulnerability in Cisco Ios Xr Software, classified under Improper Input Validation. CVSS score: 8.6/10. Published 2025-05-07.
How severe is CVE-2025-20154?: High severity. CVSS v3 base score is 8.6 out of 10.