CVE-2025-20315HIGH 8.6EPSS p32.1%

CVE-2025-20315CVE-2025-20315

Description

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition. This vulnerability is due to improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets. An attacker could exploit this vulnerability by sending malformed CAPWAP packets through an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.

Scoring

CVSS 3.18.6 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS0.40% probability of exploitation · percentile 32.1% · 2026-06-19T12:03:05Z
Published2025-09-24
Last modified2026-04-15

Underlying weaknesses· 1

CWE-805

References

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nbar-dos-LAvwTmeT

1

TypeTargetConfidenceTier
WeaknessBuffer Access with Incorrect Length Valuecwe-8050%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-20086
CVE
CVE-2025-20253
CVE
CVE-2025-20243
CVE
CVE-2025-20152
CVE
CVE-2025-20154
CVE
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.