Updates have been issued by Cisco to address three vulnerabilities impacting its IOS XR software, SecurityWeek reports.

The most serious of the fixed flaws is a high-severity issue in Cisco IOS XR's implementation of the Address Resolution Protocol, tracked as CVE-2025-20340, which could be exploited to cause a denial-of-service condition.

"Under certain conditions, an attacker could exploit this vulnerability by sending an excessive amount of traffic to the management interface of an affected device, overwhelming its ARP processing capabilities," said Cisco.

Also patched were a medium-severity installation process bug, tracked as CVE-2025-20248, which could be exploited to circumvent the verification of image signatures, and a medium-severity ACL processing defect, tracked as CVE-2025-20159, which could be leveraged to enable remote traffic delivery and evasion of configured ACLs.

Despite the lack of evidence indicating active exploitation of any of the bugs, Cisco has recommended the immediate remediation of all of the named vulnerabilities.




