CVE-2025-20311

EUVD-2025-31032
A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic.

 This vulnerability is due to improper handling of crafted Ethernet frames. An attacker could exploit this vulnerability by sending crafted Ethernet frames through an affected switch. A successful exploit could allow the attacker to cause the egress port to which the crafted frame is forwarded to start dropping all frames, resulting in a denial of service (DoS) condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ciscoCNA
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ciscoios_xe
16.6.1
CNA
ciscoios_xe
16.6.2
CNA
ciscoios_xe
16.6.3
CNA
ciscoios_xe
16.6.4
CNA
ciscoios_xe
16.6.5
CNA
ciscoios_xe
16.6.4a
CNA
ciscoios_xe
16.6.6
CNA
ciscoios_xe
16.6.7
CNA
ciscoios_xe
16.6.8
CNA
ciscoios_xe
16.6.9
CNA
ciscoios_xe
16.6.10
CNA
ciscoios_xe
16.7.1
CNA
ciscoios_xe
16.8.1
CNA
ciscoios_xe
16.8.1a
CNA
ciscoios_xe
16.8.1s
CNA
ciscoios_xe
16.9.1
CNA
ciscoios_xe
16.9.2
CNA
ciscoios_xe
16.9.1s
CNA
ciscoios_xe
16.9.3
CNA
ciscoios_xe
16.9.4
CNA
ciscoios_xe
16.9.5
CNA
ciscoios_xe
16.9.6
CNA
ciscoios_xe
16.9.7
CNA
ciscoios_xe
16.9.8
CNA
ciscoios_xe
16.10.1
CNA
ciscoios_xe
16.10.1s
CNA
ciscoios_xe
16.10.1e
CNA
ciscoios_xe
16.11.1
CNA
ciscoios_xe
16.11.1b
CNA
ciscoios_xe
16.11.1s
CNA
ciscoios_xe
16.12.1
CNA
ciscoios_xe
16.12.1s
CNA
ciscoios_xe
16.12.1c
CNA
ciscoios_xe
16.12.2
CNA
ciscoios_xe
16.12.3
CNA
ciscoios_xe
16.12.8
CNA
ciscoios_xe
16.12.2s
CNA
ciscoios_xe
16.12.4
CNA
ciscoios_xe
16.12.3s
CNA
ciscoios_xe
16.12.3a
CNA
ciscoios_xe
16.12.4a
CNA
ciscoios_xe
16.12.5
CNA
ciscoios_xe
16.12.6
CNA
ciscoios_xe
16.12.5b
CNA
ciscoios_xe
16.12.6a
CNA
ciscoios_xe
16.12.7
CNA
ciscoios_xe
16.12.14
CNA
ciscoios_xe
17.1.1
CNA
ciscoios_xe
17.1.1s
CNA
ciscoios_xe
17.1.1t
CNA
ciscoios_xe
17.1.3
CNA
ciscoios_xe
17.2.1
CNA
ciscoios_xe
17.2.1a
CNA
ciscoios_xe
17.3.1
CNA
ciscoios_xe
17.3.2
CNA
ciscoios_xe
17.3.3
CNA
ciscoios_xe
17.3.2a
CNA
ciscoios_xe
17.3.4
CNA
ciscoios_xe
17.3.5
CNA
ciscoios_xe
17.3.6
CNA
ciscoios_xe
17.3.4b
CNA
ciscoios_xe
17.3.7
CNA
ciscoios_xe
17.3.8
CNA
ciscoios_xe
17.3.8a
CNA
ciscoios_xe
17.4.1
CNA
ciscoios_xe
17.5.1
CNA
ciscoios_xe
17.6.1
CNA
ciscoios_xe
17.6.2
CNA
ciscoios_xe
17.6.3
CNA
ciscoios_xe
17.6.1y
CNA
ciscoios_xe
17.6.4
CNA
ciscoios_xe
17.6.5
CNA
ciscoios_xe
17.6.6
CNA
ciscoios_xe
17.6.6a
CNA
ciscoios_xe
17.6.5a
CNA
ciscoios_xe
17.6.7
CNA
ciscoios_xe
17.6.8
CNA
ciscoios_xe
17.7.1
CNA
ciscoios_xe
17.10.1
CNA
ciscoios_xe
17.10.1b
CNA
ciscoios_xe
17.8.1
CNA
ciscoios_xe
17.9.1
CNA
ciscoios_xe
17.9.2
CNA
ciscoios_xe
17.9.3
CNA
ciscoios_xe
17.9.4
CNA
ciscoios_xe
17.9.5
CNA
ciscoios_xe
17.9.4a
CNA
ciscoios_xe
17.9.6
CNA
ciscoios_xe
17.9.6a
CNA
ciscoios_xe
17.11.1
CNA
ciscoios_xe
17.12.1
CNA
ciscoios_xe
17.12.2
CNA
ciscoios_xe
17.12.3
CNA
ciscoios_xe
17.12.4
CNA
ciscoios_xe
17.12.1z3
CNA
ciscoios_xe
17.13.1
CNA
ciscoios_xe
17.14.1
CNA
ciscoios_xe
17.15.1
CNA
ciscoios_xe
17.15.2
CNA
ciscoios_xe
17.15.2a
CNA
ciscoios_xe
17.15.2b
CNA
ciscoios_xe
17.16.1
CNA
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-PtmD7bgy