On March 12, 2025, Cisco disclosed a significant vulnerability (CVE-2025-20115) affecting the Border Gateway Protocol (BGP) confederation implementation in its IOS XR Software. This flaw, assigned a CVSS score of 8.6, could allow unauthenticated, remote attackers to cause a denial-of-service (DoS) condition on affected devices.
Root Cause and Potential Impact
The vulnerability stems from memory corruption that occurs when a BGP update contains an AS_CONFED_SEQUENCE attribute with 255 or more autonomous system (AS) numbers. An attacker exploiting this flaw could send a crafted BGP update message, leading to memory corruption and subsequent BGP process restarts, effectively disrupting network operations.
Affected Cisco IOS XR Software Versions
Devices running Cisco IOS XR Software with BGP confederation configured are susceptible to this vulnerability. Specifically, the affected versions include:
- 7.11 and earlier
- 24.1 and earlier
- 24.2 up to 24.2.20
It’s crucial to note that versions 24.3.1 and 24.4 are not affected.
Mitigation Steps
To address this vulnerability, Cisco recommends the following actions:
1. Software Upgrade: Update to a fixed software release. For instance:
- 24.2 users should upgrade to 24.2.21 (forthcoming release).
- 24.3 users should upgrade to 24.3.1.
- 24.4 users are already on a non-affected version.
2. Workaround: If immediate upgrading isn’t feasible, implement a routing policy to drop BGP updates with AS path lengths of 255 or more on confederation peers. This involves creating a policy that filters out excessively long AS paths, thereby mitigating the risk.
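The following is an added example, not code from the page or from Cisco: a Python check for the condition the advisory describes, applied to a raw AS_PATH attribute value. It assumes 4-octet ASN encoding and sums ASNs across all AS_CONFED_SEQUENCE segments (a single segment's count byte caps at 255, so this generalizes the page's single-attribute case); the sample attributes are constructed inline, not captured traffic.

```python
"""Defensive check for the CVE-2025-20115 trigger condition: parse a raw BGP
AS_PATH attribute value (RFC 4271 / RFC 5065 segments, 4-octet ASNs) and
report whether the update should be dropped for an over-long confed path."""
import struct

# Segment types from RFC 4271 and RFC 5065 (confederations).
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
ASN_SIZE = 4  # assumption: 4-octet ASN capability was negotiated

def parse_as_path(value: bytes):
    """Return [(segment_type, [asn, ...]), ...] from an AS_PATH value."""
    segments, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated segment header")
        seg_type, count = value[pos], value[pos + 1]
        pos += 2
        end = pos + count * ASN_SIZE
        if end > len(value):
            raise ValueError("segment length exceeds attribute")
        asns = list(struct.unpack(f"!{count}I", value[pos:end]))
        segments.append((seg_type, asns))
        pos = end
    return segments

def confed_sequence_asn_count(value: bytes) -> int:
    """Total ASNs across all AS_CONFED_SEQUENCE segments in the path."""
    return sum(len(a) for t, a in parse_as_path(value) if t == AS_CONFED_SEQUENCE)

def should_drop(value: bytes, limit: int = 255) -> bool:
    """Mirror of the advisory workaround: drop at or above the ASN limit."""
    try:
        return confed_sequence_asn_count(value) >= limit
    except ValueError:
        return True  # malformed attribute: fail closed

def build_segment(seg_type: int, asns) -> bytes:
    """Encode one AS_PATH segment; used only to build constructed samples."""
    return bytes([seg_type, len(asns)]) + struct.pack(f"!{len(asns)}I", *asns)

# Constructed samples (not captured traffic): a short confed path and one
# at the 255-ASN threshold the advisory describes.
NORMAL_PATH = build_segment(AS_CONFED_SEQUENCE, [65001, 65002]) + build_segment(AS_SEQUENCE, [64512])
LONG_PATH = build_segment(AS_CONFED_SEQUENCE, list(range(65001, 65001 + 255)))

if __name__ == "__main__":
    for name, path in (("normal", NORMAL_PATH), ("long", LONG_PATH)):
        print(name, confed_sequence_asn_count(path), "drop" if should_drop(path) else "accept")
```

The same threshold check is what the route-policy workaround enforces on the router; this version is useful for validating a feed or a lab capture before the fixed release is deployed.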
Conclusion
Organizations utilizing Cisco IOS XR Software with BGP confederation should promptly assess their exposure to CVE-2025-20115. Applying the recommended software updates or implementing the suggested workarounds is essential to safeguard network stability and integrity. For comprehensive details and guidance, refer to Cisco’s official security advisory.