Cisco IOS XR vulnerability lets attackers crash BGP on routers

Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. IOS XR runs on the company's carrier-grade, Network Convergence System (NCS), and Carrier Routing System (CRS) series of routers, such as the ASR 9000, NCS 5500, and 8000 series. This high-severity flaw (tracked as CVE-2025-20115) was found in the confederation implementation for the Border Gateway Protocol (BGP), and it only affects Cisco IOS XR devices if BGP confederation is configured. Successful exploitation allows unauthenticated attackers to take down vulnerable devices remotely in low-complexity attacks by causing memory corruption via buffer overflow, leading to a BGP process restart. "This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers)," the company explains in a security ... Read full article.