CVE-2025-20189

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition.

 This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
ciscoCNA
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
ciscoios_xe
3.16.0cs:cs
ciscoios_xe
3.16.0s:s
ciscoios_xe
3.16.1as:as
ciscoios_xe
3.16.1s:s
ciscoios_xe
3.16.2as:as
ciscoios_xe
3.16.2bs:bs
ciscoios_xe
3.16.2s:s
ciscoios_xe
3.16.3as:as
ciscoios_xe
3.16.3s:s
ciscoios_xe
3.16.4as:as
ciscoios_xe
3.16.4bs:bs
ciscoios_xe
3.16.4ds:ds
ciscoios_xe
3.16.4s:s
ciscoios_xe
3.16.5s:s
ciscoios_xe
3.16.6bs:bs
ciscoios_xe
3.16.6s:s
ciscoios_xe
3.16.7as:as
ciscoios_xe
3.16.7bs:bs
ciscoios_xe
3.16.7s:s
ciscoios_xe
3.16.8s:s
ciscoios_xe
3.16.9s:s
ciscoios_xe
3.16.10s:s
ciscoios_xe
3.17.0s:s
ciscoios_xe
3.17.1as:as
ciscoios_xe
3.17.1s:s
ciscoios_xe
3.17.2s:s
ciscoios_xe
3.17.3s:s
ciscoios_xe
3.17.4s:s
ciscoios_xe
3.18.0as:as
ciscoios_xe
3.18.0s:s
ciscoios_xe
3.18.0sp:sp
ciscoios_xe
3.18.1asp:asp
ciscoios_xe
3.18.1bsp:bsp
ciscoios_xe
3.18.1csp:csp
ciscoios_xe
3.18.1s:s
ciscoios_xe
3.18.1sp:sp
ciscoios_xe
3.18.2asp:asp
ciscoios_xe
3.18.2s:s
ciscoios_xe
3.18.2sp:sp
ciscoios_xe
3.18.3asp:asp
ciscoios_xe
3.18.3bsp:bsp
ciscoios_xe
3.18.3s:s
ciscoios_xe
3.18.3sp:sp
ciscoios_xe
3.18.4s:s
ciscoios_xe
3.18.4sp:sp
ciscoios_xe
3.18.5sp:sp
ciscoios_xe
3.18.6sp:sp
ciscoios_xe
3.18.7sp:sp
ciscoios_xe
3.18.8asp:asp
ciscoios_xe
3.18.9sp:sp
ciscoios_xe
16.1.1
ciscoios_xe
16.1.2
ciscoios_xe
16.1.3
ciscoios_xe
16.2.1
ciscoios_xe
16.2.2
ciscoios_xe
16.3.1
ciscoios_xe
16.3.1a:a
ciscoios_xe
16.3.2
ciscoios_xe
16.3.3
ciscoios_xe
16.3.4
ciscoios_xe
16.3.5
ciscoios_xe
16.3.5b:b
ciscoios_xe
16.3.6
ciscoios_xe
16.3.7
ciscoios_xe
16.3.8
ciscoios_xe
16.3.9
ciscoios_xe
16.3.10
ciscoios_xe
16.3.11
ciscoios_xe
16.4.1
ciscoios_xe
16.4.2
ciscoios_xe
16.4.3
ciscoios_xe
16.5.1
ciscoios_xe
16.5.1a:a
ciscoios_xe
16.5.1b:b
ciscoios_xe
16.5.2
ciscoios_xe
16.5.3
ciscoios_xe
16.6.1
ciscoios_xe
16.6.2
ciscoios_xe
16.6.3
ciscoios_xe
16.6.4
ciscoios_xe
16.6.4a:a
ciscoios_xe
16.6.5
ciscoios_xe
16.6.5a:a
ciscoios_xe
16.6.6
ciscoios_xe
16.6.7
ciscoios_xe
16.6.8
ciscoios_xe
16.6.9
ciscoios_xe
16.6.10
ciscoios_xe
16.7.1
ciscoios_xe
16.7.1a:a
ciscoios_xe
16.7.1b:b
ciscoios_xe
16.7.2
ciscoios_xe
16.7.3
ciscoios_xe
16.7.4
ciscoios_xe
16.8.1
ciscoios_xe
16.8.1a:a
ciscoios_xe
16.8.1b:b
ciscoios_xe
16.8.1c:c
ciscoios_xe
16.8.1d:d
ciscoios_xe
16.8.1e:e
ciscoios_xe
16.8.1s:s
ciscoios_xe
16.8.2
ciscoios_xe
16.8.3
ciscoios_xe
16.9.1
ciscoios_xe
16.9.1a:a
ciscoios_xe
16.9.1b:b
ciscoios_xe
16.9.1s:s
ciscoios_xe
16.9.2
ciscoios_xe
16.9.3
ciscoios_xe
16.9.3a:a
ciscoios_xe
16.9.4
ciscoios_xe
16.9.5
ciscoios_xe
16.9.5f:f
ciscoios_xe
16.9.6
ciscoios_xe
16.9.7
ciscoios_xe
16.9.8
ciscoios_xe
16.10.1
ciscoios_xe
16.10.1a:a
ciscoios_xe
16.10.1b:b
ciscoios_xe
16.10.1c:c
ciscoios_xe
16.10.1d:d
ciscoios_xe
16.10.1e:e
ciscoios_xe
16.10.1f:f
ciscoios_xe
16.10.1g:g
ciscoios_xe
16.10.1s:s
ciscoios_xe
16.10.2
ciscoios_xe
16.10.3
ciscoios_xe
16.11.1
ciscoios_xe
16.11.1a:a
ciscoios_xe
16.11.1b:b
ciscoios_xe
16.11.1s:s
ciscoios_xe
16.11.2
ciscoios_xe
16.12.1
ciscoios_xe
16.12.1a:a
ciscoios_xe
16.12.1c:c
ciscoios_xe
16.12.1s:s
ciscoios_xe
16.12.1t:t
ciscoios_xe
16.12.1w:w
ciscoios_xe
16.12.1x:x
ciscoios_xe
16.12.1y:y
ciscoios_xe
16.12.1z1:z1
ciscoios_xe
16.12.1z2:z2
ciscoios_xe
16.12.2
ciscoios_xe
16.12.2a:a
ciscoios_xe
16.12.2s:s
ciscoios_xe
16.12.3
ciscoios_xe
16.12.3a:a
ciscoios_xe
16.12.3s:s
ciscoios_xe
16.12.4
ciscoios_xe
16.12.4a:a
ciscoios_xe
16.12.5
ciscoios_xe
16.12.5a:a
ciscoios_xe
16.12.5b:b
ciscoios_xe
16.12.6
ciscoios_xe
16.12.6a:a
ciscoios_xe
16.12.7
ciscoios_xe
16.12.8
ciscoios_xe
16.12.9
ciscoios_xe
16.12.10
ciscoios_xe
16.12.10a:a
ciscoios_xe
16.12.11
ciscoios_xe
16.12.12
ciscoios_xe
16.12.13
ciscoios_xe
17.1.1
ciscoios_xe
17.1.1a:a
ciscoios_xe
17.1.1s:s
ciscoios_xe
17.1.1t:t
ciscoios_xe
17.1.3
ciscoios_xe
17.2.1
ciscoios_xe
17.2.1a:a
ciscoios_xe
17.2.1r:r
ciscoios_xe
17.2.1v:v
ciscoios_xe
17.2.2
ciscoios_xe
17.2.3
ciscoios_xe
17.3.1
ciscoios_xe
17.3.1a:a
ciscoios_xe
17.3.1w:w
ciscoios_xe
17.3.1x:x
ciscoios_xe
17.3.1z:z
ciscoios_xe
17.3.2
ciscoios_xe
17.3.2a:a
ciscoios_xe
17.3.3
ciscoios_xe
17.3.4
ciscoios_xe
17.3.4a:a
ciscoios_xe
17.3.4b:b
ciscoios_xe
17.3.4c:c
ciscoios_xe
17.3.5
ciscoios_xe
17.3.5a:a
ciscoios_xe
17.3.5b:b
ciscoios_xe
17.3.6
ciscoios_xe
17.3.7
ciscoios_xe
17.3.8
ciscoios_xe
17.3.8a:a
ciscoios_xe
17.4.1
ciscoios_xe
17.4.1a:a
ciscoios_xe
17.4.1b:b
ciscoios_xe
17.4.2
ciscoios_xe
17.4.2a:a
ciscoios_xe
17.5.1
ciscoios_xe
17.5.1a:a
ciscoios_xe
17.6.1
ciscoios_xe
17.6.1a:a
ciscoios_xe
17.6.1w:w
ciscoios_xe
17.6.1x:x
ciscoios_xe
17.6.1y:y
ciscoios_xe
17.6.1z:z
ciscoios_xe
17.6.1z1:z1
ciscoios_xe
17.6.2
ciscoios_xe
17.6.3
ciscoios_xe
17.6.3a:a
ciscoios_xe
17.6.4
ciscoios_xe
17.6.5
ciscoios_xe
17.6.5a:a
ciscoios_xe
17.6.6
ciscoios_xe
17.6.6a:a
ciscoios_xe
17.6.7
ciscoios_xe
17.6.8
ciscoios_xe
17.6.8a:a
ciscoios_xe
17.7.1
ciscoios_xe
17.7.1a:a
ciscoios_xe
17.7.1b:b
ciscoios_xe
17.7.2
ciscoios_xe
17.8.1
ciscoios_xe
17.8.1a:a
ciscoios_xe
17.9.1
ciscoios_xe
17.9.1a:a
ciscoios_xe
17.9.1w:w
ciscoios_xe
17.9.1x:x
ciscoios_xe
17.9.1x1:x1
ciscoios_xe
17.9.1y:y
ciscoios_xe
17.9.1y1:y1
ciscoios_xe
17.9.2
ciscoios_xe
17.9.2a:a
ciscoios_xe
17.9.3
ciscoios_xe
17.9.3a:a
ciscoios_xe
17.9.4
ciscoios_xe
17.9.4a:a
ciscoios_xe
17.9.5
ciscoios_xe
17.9.5a:a
ciscoios_xe
17.9.5b:b
ciscoios_xe
17.9.5e:e
ciscoios_xe
17.9.5f:f
ciscoios_xe
17.9.6
ciscoios_xe
17.9.6a:a
ciscoios_xe
17.10.1
ciscoios_xe
17.10.1a:a
ciscoios_xe
17.10.1b:b
ciscoios_xe
17.11.1
ciscoios_xe
17.11.1a:a
ciscoios_xe
17.12.1
ciscoios_xe
17.12.1w:w
ciscoios_xe
17.12.1x:x
ciscoios_xe
17.12.1y:y
ciscoios_xe
17.12.1z:z
ciscoios_xe
17.12.1z1:z1
ciscoios_xe
17.12.2
ciscoios_xe
17.12.2a:a
ciscoios_xe
17.12.3
ciscoios_xe
17.12.3a:a
ciscoios_xe
17.12.4
ciscoios_xe
17.12.4a:a
ciscoios_xe
17.12.4b:b
ciscoios_xe
17.13.1
ciscoios_xe
17.13.1a:a
ciscoios_xe
17.14.1
ciscoios_xe
17.14.1a:a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ