Vulnerability Database

296,137

Total vulnerabilities in the database

CVE-2025-20221

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters.

This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.

  • Published: May 7, 2025
  • Updated: Jul 12, 2025
  • CVE: CVE-2025-20221
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.1
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

Software From Fixed in
cisco / ios_xe 17.1.1 17.1.1.x
cisco / ios_xe 17.2.1 17.2.1.x
cisco / ios_xe 17.4.1 17.4.1.x
cisco / ios_xe 17.1.1s 17.1.1s.x
cisco / ios_xe 17.1.1t 17.1.1t.x
cisco / ios_xe 17.2.1a 17.2.1a.x
cisco / ios_xe 17.1.3 17.1.3.x
cisco / ios_xe 17.2.1r 17.2.1r.x
cisco / ios_xe 17.2.1v 17.2.1v.x
cisco / ios_xe 17.2.2 17.2.2.x
cisco / ios_xe 17.2.3 17.2.3.x
cisco / ios_xe 17.3.1 17.3.1.x
cisco / ios_xe 17.3.2 17.3.2.x
cisco / ios_xe 17.3.1a 17.3.1a.x
cisco / ios_xe 17.3.2a 17.3.2a.x
cisco / ios_xe 17.4.1a 17.4.1a.x
cisco / ios_xe 17.4.1b 17.4.1b.x
cisco / ios_xe 17.5.1 17.5.1.x
cisco / ios_xe 17.3.3 17.3.3.x
cisco / ios_xe 17.3.4 17.3.4.x
cisco / ios_xe 17.3.5 17.3.5.x
cisco / ios_xe 17.3.4a 17.3.4a.x
cisco / ios_xe 17.3.6 17.3.6.x
cisco / ios_xe 17.3.7 17.3.7.x
cisco / ios_xe 17.4.2 17.4.2.x
cisco / ios_xe 17.5.1a 17.5.1a.x
cisco / ios_xe 17.6.1 17.6.1.x
cisco / ios_xe 17.6.2 17.6.2.x
cisco / ios_xe 17.6.1a 17.6.1a.x
cisco / ios_xe 17.6.3 17.6.3.x
cisco / ios_xe 17.6.1y 17.6.1y.x
cisco / ios_xe 17.6.3a 17.6.3a.x
cisco / ios_xe 17.6.4 17.6.4.x
cisco / ios_xe 17.7.1 17.7.1.x
cisco / ios_xe 17.7.1a 17.7.1a.x
cisco / ios_xe 17.7.2 17.7.2.x
cisco / ios_xe 17.10.1 17.10.1.x
cisco / ios_xe 17.8.1 17.8.1.x
cisco / ios_xe 17.8.1a 17.8.1a.x
cisco / ios_xe 17.9.1 17.9.1.x
cisco / ios_xe 17.9.1a 17.9.1a.x
cisco / ios_xe 17.11.1 17.11.1.x
cisco / ios_xe 16.12.13 16.12.13.x
cisco / ios_xe 17.3.8 17.3.8.x
cisco / ios_xe 17.3.8a 17.3.8a.x
cisco / ios_xe 17.6.5 17.6.5.x
cisco / ios_xe 17.6.6 17.6.6.x
cisco / ios_xe 17.6.6a 17.6.6a.x
cisco / ios_xe 17.6.5a 17.6.5a.x
cisco / ios_xe 17.6.7 17.6.7.x
cisco / ios_xe 17.6.8 17.6.8.x
cisco / ios_xe 17.6.8a 17.6.8a.x
cisco / ios_xe 17.10.1a 17.10.1a.x
cisco / ios_xe 17.10.1b 17.10.1b.x
cisco / ios_xe 17.9.2 17.9.2.x
cisco / ios_xe 17.9.3 17.9.3.x
cisco / ios_xe 17.9.2a 17.9.2a.x
cisco / ios_xe 17.9.3a 17.9.3a.x
cisco / ios_xe 17.9.4 17.9.4.x
cisco / ios_xe 17.9.5 17.9.5.x
cisco / ios_xe 17.9.4a 17.9.4a.x
cisco / ios_xe 17.9.5a 17.9.5a.x
cisco / ios_xe 17.9.5b 17.9.5b.x
cisco / ios_xe 17.9.6 17.9.6.x
cisco / ios_xe 17.9.6a 17.9.6a.x
cisco / ios_xe 17.9.5e 17.9.5e.x
cisco / ios_xe 17.9.5f 17.9.5f.x
cisco / ios_xe 17.11.1a 17.11.1a.x
cisco / ios_xe 17.12.1 17.12.1.x
cisco / ios_xe 17.12.1a 17.12.1a.x
cisco / ios_xe 17.12.2 17.12.2.x
cisco / ios_xe 17.12.3 17.12.3.x
cisco / ios_xe 17.12.4 17.12.4.x
cisco / ios_xe 17.12.3a 17.12.3a.x
cisco / ios_xe 17.12.1z2 17.12.1z2.x
cisco / ios_xe 17.12.4a 17.12.4a.x
cisco / ios_xe 17.12.4b 17.12.4b.x
cisco / ios_xe 17.13.1 17.13.1.x
cisco / ios_xe 17.13.1a 17.13.1a.x
cisco / ios_xe 17.14.1 17.14.1.x
cisco / ios_xe 17.14.1a 17.14.1a.x
cisco / ios_xe 17.15.1 17.15.1.x
cisco / ios_xe 17.15.1a 17.15.1a.x
cisco / ios_xe 17.15.2 17.15.2.x
cisco / ios_xe 17.15.1x 17.15.1x.x
cisco / ios_xe 17.15.2c 17.15.2c.x
cisco / ios_xe 17.15.2b 17.15.2b.x
cisco / ios_xe 17.16.1 17.16.1.x
cisco / ios_xe 17.16.1a 17.16.1a.x