What is CVE-2025-20177?

CVE-2025-20177 is a medium-severity vulnerability in Cisco 8011-4g24y4h-i, classified under Improper Handling of Insufficient Privileges. CVSS score: 6.7/10. Published 2025-03-12.

How severe is CVE-2025-20177?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Vulnerability in Cisco 8011-4g24y4h-i

CVE-2025-20177

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability…

EPSS: 0.001 (4.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco 8011-4g24y4h-i
Cisco 8101-32fh
Cisco 8101-32fh-o
Cisco 8101-32h-o
Cisco 8102-28fh-dpu-o
Cisco 8102-64h
Cisco 8102-64h-o
Cisco 8111-32eh-o
Cisco 8122-64ehf-o
Cisco 8122-64eh-o

Weakness classification (CWE)

CWE-274 — Improper Handling of Insufficient Privileges

References

psirt@cisco.com (Vendor Advisory)
psirt@cisco.com (Product)

Frequently asked questions

What is CVE-2025-20177?: CVE-2025-20177 is a medium-severity vulnerability in Cisco 8011-4g24y4h-i, classified under Improper Handling of Insufficient Privileges. CVSS score: 6.7/10. Published 2025-03-12.
How severe is CVE-2025-20177?: Medium severity. CVSS v3 base score is 6.7 out of 10.