CVE-2025-20196

EUVD-2025-13896

07.05.2025, 18:15

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition.

 This vulnerability is due to the improper handling of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the Cisco IOx application hosting environment to stop responding. The IOx process will need to be manually restarted to recover services.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
cisco	CNA	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 49%

Affected Products (NVD)

Vendor	Product	Version
cisco	ios_xe	16.1.1
cisco	ios_xe	16.1.2
cisco	ios_xe	16.1.3
cisco	ios_xe	16.2.1
cisco	ios_xe	16.2.2
cisco	ios_xe	16.3.1
cisco	ios_xe	16.3.1a:a
cisco	ios_xe	16.3.2
cisco	ios_xe	16.3.3
cisco	ios_xe	16.3.4
cisco	ios_xe	16.3.5
cisco	ios_xe	16.3.5b:b
cisco	ios_xe	16.3.6
cisco	ios_xe	16.3.7
cisco	ios_xe	16.3.8
cisco	ios_xe	16.3.9
cisco	ios_xe	16.3.10
cisco	ios_xe	16.3.11
cisco	ios_xe	16.4.1
cisco	ios_xe	16.4.2
cisco	ios_xe	16.4.3
cisco	ios_xe	16.5.1
cisco	ios_xe	16.5.1a:a
cisco	ios_xe	16.5.1b:b
cisco	ios_xe	16.5.2
cisco	ios_xe	16.5.3
cisco	ios_xe	17.1.1
cisco	ios_xe	17.1.1a:a
cisco	ios_xe	17.1.1s:s
cisco	ios_xe	17.1.1t:t
cisco	ios_xe	17.1.3
cisco	ios_xe	17.2.1
cisco	ios_xe	17.2.1a:a
cisco	ios_xe	17.2.1r:r
cisco	ios_xe	17.2.1v:v
cisco	ios_xe	17.2.2
cisco	ios_xe	17.2.3
cisco	ios_xe	17.3.1
cisco	ios_xe	17.3.1a:a
cisco	ios_xe	17.3.1w:w
cisco	ios_xe	17.3.1x:x
cisco	ios_xe	17.3.1z:z
cisco	ios_xe	17.3.2
cisco	ios_xe	17.3.2a:a
cisco	ios_xe	17.3.3
cisco	ios_xe	17.3.4
cisco	ios_xe	17.3.4a:a
cisco	ios_xe	17.3.4b:b
cisco	ios_xe	17.3.4c:c
cisco	ios_xe	17.3.5
cisco	ios_xe	17.3.5a:a
cisco	ios_xe	17.3.5b:b
cisco	ios_xe	17.3.6
cisco	ios_xe	17.3.7
cisco	ios_xe	17.3.8
cisco	ios_xe	17.3.8a:a
cisco	ios_xe	17.4.1
cisco	ios_xe	17.4.1a:a
cisco	ios_xe	17.4.1b:b
cisco	ios_xe	17.4.2
cisco	ios_xe	17.4.2a:a
cisco	ios_xe	17.5.1
cisco	ios_xe	17.5.1a:a
cisco	ios_xe	17.6.1
cisco	ios_xe	17.6.1a:a
cisco	ios_xe	17.6.1w:w
cisco	ios_xe	17.6.1x:x
cisco	ios_xe	17.6.1y:y
cisco	ios_xe	17.6.1z:z
cisco	ios_xe	17.6.1z1:z1
cisco	ios_xe	17.6.2
cisco	ios_xe	17.6.3
cisco	ios_xe	17.6.3a:a
cisco	ios_xe	17.6.4
cisco	ios_xe	17.6.5
cisco	ios_xe	17.6.5a:a
cisco	ios_xe	17.6.6
cisco	ios_xe	17.6.6a:a
cisco	ios_xe	17.6.7
cisco	ios_xe	17.6.8
cisco	ios_xe	17.6.8a:a
cisco	ios_xe	17.7.1
cisco	ios_xe	17.7.1a:a
cisco	ios_xe	17.7.1b:b
cisco	ios_xe	17.7.2
cisco	ios_xe	17.8.1
cisco	ios_xe	17.8.1a:a
cisco	ios_xe	17.9.1
cisco	ios_xe	17.9.1a:a
cisco	ios_xe	17.9.1w:w
cisco	ios_xe	17.9.1x:x
cisco	ios_xe	17.9.1x1:x1
cisco	ios_xe	17.9.1y:y
cisco	ios_xe	17.9.1y1:y1
cisco	ios_xe	17.9.2
cisco	ios_xe	17.9.2a:a
cisco	ios_xe	17.9.3
cisco	ios_xe	17.9.3a:a
cisco	ios_xe	17.9.4
cisco	ios_xe	17.9.4a:a
cisco	ios_xe	17.9.5
cisco	ios_xe	17.9.5a:a
cisco	ios_xe	17.9.5b:b
cisco	ios_xe	17.9.5e:e
cisco	ios_xe	17.9.5f:f
cisco	ios_xe	17.9.6
cisco	ios_xe	17.9.6a:a
cisco	ios_xe	17.10.1
cisco	ios_xe	17.10.1a:a
cisco	ios_xe	17.10.1b:b
cisco	ios_xe	17.11.1
cisco	ios_xe	17.11.1a:a
cisco	ios_xe	17.11.99sw:sw
cisco	ios_xe	17.12.1
cisco	ios_xe	17.12.1a:a
cisco	ios_xe	17.12.1w:w
cisco	ios_xe	17.12.1x:x
cisco	ios_xe	17.12.1y:y
cisco	ios_xe	17.12.1z:z
cisco	ios_xe	17.12.1z1:z1
cisco	ios_xe	17.12.1z2:z2
cisco	ios_xe	17.12.1z4:z4
cisco	ios_xe	17.12.2
cisco	ios_xe	17.12.2a:a
cisco	ios_xe	17.12.3
cisco	ios_xe	17.12.3a:a
cisco	ios_xe	17.12.4
cisco	ios_xe	17.12.4a:a
cisco	ios_xe	17.12.4b:b
cisco	ios_xe	17.13.1
cisco	ios_xe	17.13.1a:a
cisco	ios_xe	17.14.1
cisco	ios_xe	17.14.1a:a
cisco	ios_xe	17.15.2
cisco	ios_xe	17.15.2a:a
cisco	ios_xe	17.15.2b:b
cisco	ios_xe	17.15.2c:c
cisco	cgr1000_firmware	𝑥 < 15.9\(3\)m12
cisco	ir510_wpan_firmware	-
cisco	ic3000_industrial_compute_gateway_firmware	𝑥 < 1.5.2
cisco	807_industrial_integrated_services_router_firmware	𝑥 < 15.9\(3\)m11
cisco	809_industrial_integrated_services_router_firmware	𝑥 < 15.9\(3\)m11
cisco	829_industrial_integrated_services_router_firmware	𝑥 < 15.9\(3\)m11
cisco	ios_xe	𝑥 < 17.15.2

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
cisco	ios	16.1.1	CNA
cisco	ios	16.1.2	CNA
cisco	ios	16.1.3	CNA
cisco	ios	16.2.1	CNA
cisco	ios	16.2.2	CNA
cisco	ios	16.3.1	CNA
cisco	ios	16.3.2	CNA
cisco	ios	16.3.3	CNA
cisco	ios	16.3.1a	CNA
cisco	ios	16.3.4	CNA
cisco	ios	16.3.5	CNA
cisco	ios	16.3.5b	CNA
cisco	ios	16.3.6	CNA
cisco	ios	16.3.7	CNA
cisco	ios	16.3.8	CNA
cisco	ios	16.3.9	CNA
cisco	ios	16.3.10	CNA
cisco	ios	16.3.11	CNA
cisco	ios	16.4.1	CNA
cisco	ios	16.4.2	CNA
cisco	ios	16.4.3	CNA
cisco	ios	16.5.1	CNA
cisco	ios	16.5.1a	CNA
cisco	ios	16.5.1b	CNA
cisco	ios	16.5.2	CNA
cisco	ios	16.5.3	CNA
cisco	ios	17.1.1	CNA
cisco	ios	17.1.1a	CNA
cisco	ios	17.1.1s	CNA
cisco	ios	17.1.1t	CNA
cisco	ios	17.1.3	CNA
cisco	ios	17.2.1	CNA
cisco	ios	17.2.1r	CNA
cisco	ios	17.2.1a	CNA
cisco	ios	17.2.1v	CNA
cisco	ios	17.2.2	CNA
cisco	ios	17.2.3	CNA
cisco	ios	17.3.1	CNA
cisco	ios	17.3.2	CNA
cisco	ios	17.3.3	CNA
cisco	ios	17.3.1a	CNA
cisco	ios	17.3.1w	CNA
cisco	ios	17.3.2a	CNA
cisco	ios	17.3.1x	CNA
cisco	ios	17.3.1z	CNA
cisco	ios	17.3.4	CNA
cisco	ios	17.3.5	CNA
cisco	ios	17.3.4a	CNA
cisco	ios	17.3.6	CNA
cisco	ios	17.3.4b	CNA
cisco	ios	17.3.4c	CNA
cisco	ios	17.3.5a	CNA
cisco	ios	17.3.5b	CNA
cisco	ios	17.3.7	CNA
cisco	ios	17.3.8	CNA
cisco	ios	17.3.8a	CNA
cisco	ios	17.4.1	CNA
cisco	ios	17.4.2	CNA
cisco	ios	17.4.1a	CNA
cisco	ios	17.4.1b	CNA
cisco	ios	17.4.2a	CNA
cisco	ios	17.5.1	CNA
cisco	ios	17.5.1a	CNA
cisco	ios	17.6.1	CNA
cisco	ios	17.6.2	CNA
cisco	ios	17.6.1w	CNA
cisco	ios	17.6.1a	CNA
cisco	ios	17.6.1x	CNA
cisco	ios	17.6.3	CNA
cisco	ios	17.6.1y	CNA
cisco	ios	17.6.1z	CNA
cisco	ios	17.6.3a	CNA
cisco	ios	17.6.4	CNA
cisco	ios	17.6.1z1	CNA
cisco	ios	17.6.5	CNA
cisco	ios	17.6.6	CNA
cisco	ios	17.6.6a	CNA
cisco	ios	17.6.5a	CNA
cisco	ios	17.6.7	CNA
cisco	ios	17.6.8	CNA
cisco	ios	17.6.8a	CNA
cisco	ios	17.7.1	CNA
cisco	ios	17.7.1a	CNA
cisco	ios	17.7.1b	CNA
cisco	ios	17.7.2	CNA
cisco	ios	17.10.1	CNA
cisco	ios	17.10.1a	CNA
cisco	ios	17.10.1b	CNA
cisco	ios	17.8.1	CNA
cisco	ios	17.8.1a	CNA
cisco	ios	17.9.1	CNA
cisco	ios	17.9.1w	CNA
cisco	ios	17.9.2	CNA
cisco	ios	17.9.1a	CNA
cisco	ios	17.9.1x	CNA
cisco	ios	17.9.1y	CNA
cisco	ios	17.9.3	CNA
cisco	ios	17.9.2a	CNA
cisco	ios	17.9.1x1	CNA
cisco	ios	17.9.3a	CNA
cisco	ios	17.9.4	CNA
cisco	ios	17.9.1y1	CNA
cisco	ios	17.9.5	CNA
cisco	ios	17.9.4a	CNA
cisco	ios	17.9.5a	CNA
cisco	ios	17.9.5b	CNA
cisco	ios	17.9.6	CNA
cisco	ios	17.9.6a	CNA
cisco	ios	17.9.5e	CNA
cisco	ios	17.9.5f	CNA
cisco	ios	17.11.1	CNA
cisco	ios	17.11.1a	CNA
cisco	ios	17.12.1	CNA
cisco	ios	17.12.1w	CNA
cisco	ios	17.12.1a	CNA
cisco	ios	17.12.1x	CNA
cisco	ios	17.12.2	CNA
cisco	ios	17.12.3	CNA
cisco	ios	17.12.2a	CNA
cisco	ios	17.12.1y	CNA
cisco	ios	17.12.1z	CNA
cisco	ios	17.12.4	CNA
cisco	ios	17.12.3a	CNA
cisco	ios	17.12.1z1	CNA
cisco	ios	17.12.1z2	CNA
cisco	ios	17.12.4a	CNA
cisco	ios	17.12.4b	CNA
cisco	ios	17.12.1z4	CNA
cisco	ios	17.13.1	CNA
cisco	ios	17.13.1a	CNA
cisco	ios	17.14.1	CNA
cisco	ios	17.14.1a	CNA
cisco	ios	17.15.2	CNA
cisco	ios	17.15.2c	CNA
cisco	ios	17.15.2a	CNA
cisco	ios	17.15.2b	CNA

Common Weakness Enumeration

CWE-307 - Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-95Fqnf7b