What is CVE-2025-20164?

CVE-2025-20164 is a high-severity vulnerability in Cisco Ios, classified under Missing Authorization. CVSS score: 8.3/10. Published 2025-05-07.

How severe is CVE-2025-20164?

High severity. CVSS v3 base score is 8.3 out of 10.

Auth bypass in Cisco Ios

CVE-2025-20164

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorization…

Vulnerability class: Broken Access Control

EPSS: 0.004 (59.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H.

Affected products

Cisco Ios — versions 15.0(2)SE8, 15.0(2)EA, 15.0(2)EA1

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

cisco-sa-ios-http-privesc-wCRd5e3

Frequently asked questions

What is CVE-2025-20164?: CVE-2025-20164 is a high-severity vulnerability in Cisco Ios, classified under Missing Authorization. CVSS score: 8.3/10. Published 2025-05-07.
How severe is CVE-2025-20164?: High severity. CVSS v3 base score is 8.3 out of 10.