Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-20312

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-24 Sep, 2025 | 17:11
Updated At-24 Sep, 2025 | 18:14
Rejected At-
Credits

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:24 Sep, 2025 | 17:11
Updated At:24 Sep, 2025 | 18:14
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco IOS XE Software
Versions
Affected
  • 17.2.1
  • 17.2.1r
  • 17.2.1a
  • 17.2.1v
  • 17.2.2
  • 17.2.3
  • 17.3.1
  • 17.3.2
  • 17.3.3
  • 17.3.1a
  • 17.3.1w
  • 17.3.2a
  • 17.3.1x
  • 17.3.1z
  • 17.3.4
  • 17.3.5
  • 17.3.4a
  • 17.3.6
  • 17.3.4b
  • 17.3.4c
  • 17.3.5a
  • 17.3.5b
  • 17.3.7
  • 17.3.8
  • 17.3.8a
  • 17.4.1
  • 17.4.2
  • 17.4.1a
  • 17.4.1b
  • 17.4.2a
  • 17.5.1
  • 17.5.1a
  • 17.6.1
  • 17.6.2
  • 17.6.1w
  • 17.6.1a
  • 17.6.1x
  • 17.6.3
  • 17.6.1y
  • 17.6.1z
  • 17.6.3a
  • 17.6.4
  • 17.6.1z1
  • 17.6.5
  • 17.6.6
  • 17.6.6a
  • 17.6.5a
  • 17.6.7
  • 17.6.8
  • 17.6.8a
  • 17.7.1
  • 17.7.1a
  • 17.7.1b
  • 17.7.2
  • 17.10.1
  • 17.10.1a
  • 17.10.1b
  • 17.8.1
  • 17.8.1a
  • 17.9.1
  • 17.9.1w
  • 17.9.2
  • 17.9.1a
  • 17.9.1x
  • 17.9.1y
  • 17.9.3
  • 17.9.2a
  • 17.9.1x1
  • 17.9.3a
  • 17.9.4
  • 17.9.1y1
  • 17.9.5
  • 17.9.4a
  • 17.9.5a
  • 17.9.5b
  • 17.9.6
  • 17.9.6a
  • 17.9.7
  • 17.9.5e
  • 17.9.5f
  • 17.9.7a
  • 17.9.7b
  • 17.11.1
  • 17.11.1a
  • 17.12.1
  • 17.12.1w
  • 17.12.1a
  • 17.12.1x
  • 17.12.2
  • 17.12.3
  • 17.12.2a
  • 17.12.1y
  • 17.12.1z
  • 17.12.4
  • 17.12.3a
  • 17.12.1z1
  • 17.12.1z2
  • 17.12.4a
  • 17.12.5
  • 17.12.4b
  • 17.12.1z3
  • 17.12.5a
  • 17.12.1z4
  • 17.12.5b
  • 17.12.5c
  • 17.13.1
  • 17.13.1a
  • 17.14.1
  • 17.14.1a
  • 17.15.1
  • 17.15.1w
  • 17.15.1a
  • 17.15.2
  • 17.15.1b
  • 17.15.1x
  • 17.15.1z
  • 17.15.3
  • 17.15.2c
  • 17.15.2a
  • 17.15.1y
  • 17.15.2b
  • 17.15.3a
  • 17.15.3b
  • 17.16.1
  • 17.16.1a
  • 17.17.1
Problem Types
TypeCWE IDDescription
cweCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')
Type: cwe
CWE ID: CWE-835
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:24 Sep, 2025 | 18:15
Updated At:26 Sep, 2025 | 14:32

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.7HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-835Primarypsirt@cisco.com
CWE ID: CWE-835
Type: Primary
Source: psirt@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5Mpsirt@cisco.com
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M
Source: psirt@cisco.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

54Records found
CVE-2025-20136
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.07% / 20.34%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:28
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.  This vulnerability is due to an infinite loop condition that occurs when a Cisco Secure ASA or Cisco Secure FTD device processes DNS packets with DNS inspection enabled and the device is configured for NAT44, NAT64, or NAT46. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static NAT rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to create an infinite loop and cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Adaptive Security Appliance (ASA) SoftwareCisco Firepower Threat Defense Software
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2025-20253
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.06% / 19.62%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:29
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability

A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause an infinite loop that exhausts resources and could cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Adaptive Security Appliance (ASA) SoftwareCisco Firepower Threat Defense Software
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2025-20217
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.07% / 20.34%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:28
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Intrusion Detection Denial of Service Vulnerability

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of traffic that is inspected by an affected device. An attacker could exploit this vulnerability by sending crafted traffic through the affected device. A successful exploit could allow the attacker to cause the affected device to enter an infinite loop while inspecting traffic, resulting in a DoS condition. The system watchdog will restart the Snort process automatically.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Threat Defense Software
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-3900
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 42.82%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 14:41
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-ubuntu_linuxvirtual_storage_console_for_vmware_vspheredebian_linuxlinux_kernelcn1610sd-wan_edgehci_management_nodefedoraenterprise_linuxvasa_provider_for_clustered_data_ontapcn1610_firmwareactive_iq_unified_manager_for_vmware_vspheresnapprotectsolidfirestorage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphereKernel
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • Next
Details not found