CVE-2025-20241
CVE-2025-20241 is a high-severity vulnerability with a CVSS 3.x base score of 7.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-733.
Key facts
- Severity: High (CVSS 3.x base score 7.4)
- EPSS exploit prediction: 0% (18th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-27686
- Weakness: CWE-733
- Published:
- Last modified:
Description
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device.
Frequently asked questions
- What is CVE-2025-20241?
- A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device.
- How severe is CVE-2025-20241?
- CVE-2025-20241 has a CVSS 3.x base score of 7.4, rated high severity. It is exploitable over an adjacent network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2025-20241 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (18th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-20241?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2025-20241 have an EU (EUVD) identifier?
- Yes. CVE-2025-20241 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-27686.
- When was CVE-2025-20241 published?
- CVE-2025-20241 was published on 2025-08-27 and last updated on 2026-06-17.
References
Other CWE-733 vulnerabilities
- CVE-2025-13024 — Critical (CVSS 9.8): JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird…
- CVE-2025-52496 — High (CVSS 7.8): Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may…
- CVE-2020-15294 — High (CVSS 7.8): Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results…
- CVE-2024-58262 — Low (CVSS 2.9): The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is…