CVE-2025-20181 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-20181

Analyzed

More Info Official Page

Source-psirt@cisco.com

Published At-07 May, 2025 | 18:15

Updated At-04 Aug, 2025 | 18:51

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to missing signature verification for specific files that may be loaded during the device boot process. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute arbitrary code at boot time. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.0	6.8	MEDIUM	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Cisco Systems, Inc.

>>ios>>15.0\(1\)ex

cpe:2.3:o:cisco:ios:15.0\(1\)ex:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)ey

cpe:2.3:o:cisco:ios:15.0\(1\)ey:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)ey1

cpe:2.3:o:cisco:ios:15.0\(1\)ey1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)ey2

cpe:2.3:o:cisco:ios:15.0\(1\)ey2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)xo

cpe:2.3:o:cisco:ios:15.0\(1\)xo:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)xo1

cpe:2.3:o:cisco:ios:15.0\(1\)xo1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex

cpe:2.3:o:cisco:ios:15.0\(2\)ex:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex1

cpe:2.3:o:cisco:ios:15.0\(2\)ex1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex2

cpe:2.3:o:cisco:ios:15.0\(2\)ex2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex3

cpe:2.3:o:cisco:ios:15.0\(2\)ex3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex4

cpe:2.3:o:cisco:ios:15.0\(2\)ex4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex5

cpe:2.3:o:cisco:ios:15.0\(2\)ex5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex8

cpe:2.3:o:cisco:ios:15.0\(2\)ex8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex10

cpe:2.3:o:cisco:ios:15.0\(2\)ex10:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex11

cpe:2.3:o:cisco:ios:15.0\(2\)ex11:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex12

cpe:2.3:o:cisco:ios:15.0\(2\)ex12:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)ex13

cpe:2.3:o:cisco:ios:15.0\(2\)ex13:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)se8

cpe:2.3:o:cisco:ios:15.0\(2\)se8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)sqd

cpe:2.3:o:cisco:ios:15.0\(2\)sqd:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)sqd1

cpe:2.3:o:cisco:ios:15.0\(2\)sqd1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)sqd2

cpe:2.3:o:cisco:ios:15.0\(2\)sqd2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)sqd3

cpe:2.3:o:cisco:ios:15.0\(2\)sqd3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)sqd4

cpe:2.3:o:cisco:ios:15.0\(2\)sqd4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)sqd5

cpe:2.3:o:cisco:ios:15.0\(2\)sqd5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)sqd6

cpe:2.3:o:cisco:ios:15.0\(2\)sqd6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)sqd7

cpe:2.3:o:cisco:ios:15.0\(2\)sqd7:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)sqd8

cpe:2.3:o:cisco:ios:15.0\(2\)sqd8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2\)xo

cpe:2.3:o:cisco:ios:15.0\(2\)xo:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(2a\)ex5

cpe:2.3:o:cisco:ios:15.0\(2a\)ex5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e

cpe:2.3:o:cisco:ios:15.2\(2\)e:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e1

cpe:2.3:o:cisco:ios:15.2\(2\)e1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e2

cpe:2.3:o:cisco:ios:15.2\(2\)e2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e3

cpe:2.3:o:cisco:ios:15.2\(2\)e3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e4

cpe:2.3:o:cisco:ios:15.2\(2\)e4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e5

cpe:2.3:o:cisco:ios:15.2\(2\)e5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e5a

cpe:2.3:o:cisco:ios:15.2\(2\)e5a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e5b

cpe:2.3:o:cisco:ios:15.2\(2\)e5b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e6

cpe:2.3:o:cisco:ios:15.2\(2\)e6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e7

cpe:2.3:o:cisco:ios:15.2\(2\)e7:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e8

cpe:2.3:o:cisco:ios:15.2\(2\)e8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e9

cpe:2.3:o:cisco:ios:15.2\(2\)e9:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2\)e10

cpe:2.3:o:cisco:ios:15.2\(2\)e10:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2a\)e1

cpe:2.3:o:cisco:ios:15.2\(2a\)e1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(2a\)e2

cpe:2.3:o:cisco:ios:15.2\(2a\)e2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(3\)e

cpe:2.3:o:cisco:ios:15.2\(3\)e:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(3\)e1

cpe:2.3:o:cisco:ios:15.2\(3\)e1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(3\)e2

cpe:2.3:o:cisco:ios:15.2\(3\)e2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(3\)e3

cpe:2.3:o:cisco:ios:15.2\(3\)e3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(3\)e4

cpe:2.3:o:cisco:ios:15.2\(3\)e4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.2\(3a\)e

cpe:2.3:o:cisco:ios:15.2\(3a\)e:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-347	Primary	psirt@cisco.com

References

Hyperlink	Source	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq	psirt@cisco.com	Vendor Advisory