- Description
- A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 6
- Exploitability score
- 2
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
- psirt@cisco.com
- CWE-78
- Hype score
- Not currently trending
🚨 Critical Vulnerability Alert for Cisco IOS XR Software! 🚨 A new OS command injection vulnerability, CVE-2025-20138, has been discovered in Cisco IOS XR Software that could allow a local, authenticated attacker with low privileges to execute arbitrary commands with root-level
@TheSecMaster1
19 Mar 2025
Cisco fixes serious vulnerability in IOS XR (CVE-2025-20138). Cisco details a serious vulnerability, identified as CVE-2025-20138, which has a CVSS score of 8.8, indicating a significant risk. #ciberseguridad #CyberSecurity https://t.co/KEZCAuPihk https://t.co/C
@EHCGroup
14 Mar 2025
🚨 Cisco alerts about a critical vulnerability (CVE-2025-20138) in IOS XR Software, with a CVSS score of 8.8. Immediate updates are essential for affected systems. Risk of privilege escalation is significant. 🔒 #Cisco #IOSXR #USA link: https://t.co/KPfl2Q9pmo https://t.co/POAA9
@TweetThreatNews
13 Mar 2025
Cisco Issues High-Severity Security Alert for IOS XR Software (CVE-2025-20138) https://t.co/2KhDifv7Ui
@Dinosn
13 Mar 2025
CVE-2025-20138 - Cisco IOS XR Software - HIGH 🚨 🗓️ Date published 2025-03-12 16:15:21 UTC #CiscoIOSXRSoftware #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/0EVRhXxuEO
@vulns_space
12 Mar 2025
[CVE-2025-20138: HIGH] Cisco IOS XR Software contains a critical vulnerability allowing local attackers to execute commands as root, due to lack of validation in CLI commands, escalating privileges. #cybersecurity, #vulnerability https://t.co/CuaUjoP8Gk https://t.co/zfSnQvsrm0
@CveFindCom
12 Mar 2025