Security updates: Root vulnerability threatens Cisco ASR routers

Network equipment supplier Cisco has closed several vulnerabilities that attackers can use to attack ASR routers, for example.

Vulnerabilities threaten Cisco devices.

(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)

Mar 13, 2025 at 11:28 am CET

2 min. read

Security

By

Dennis Schirrmacher

Cisco's network operating system IOS XR is vulnerable. As a result, attackers can attack Aggregation Services Routers (ASR) of the ASR-9000 series, for example. Security patches are available for download. Admins can find information on the security updates in the warning messages linked below this article.

Root attack

A vulnerability (CVE-2025-20138 “high”) is considered to be particularly dangerous, after successful exploitation of which attackers can access the operating system as root. As a rule, devices are then considered fully compromised.

However, according to a Cisco article, a local attacker must already be authenticated with a low-privileged account. If this is the case, they can upgrade their rights to root due to insufficient checks and execute their commands.

Software crashes

In addition, DoS attacks are possible at several points (e.g., CVE-2025-20115 “high”). At this point, attackers can use prepared requests on the Border Gateway Protocol (BGP) to trigger memory errors. This usually leads to crashes.

Videos by heise

Attackers can also bypass the Secure Boot protection mechanism (CVE-2025-20143 “medium”) to compromise the system before it starts, among other things. However, the hurdles for this are high: attackers must have root rights and in such a position they can already cause extensive damage.

List sorted by threat level in descending order: