CVE-2025-20181

Home

Description

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to missing signature verification for specific files that may be loaded during the device boot process. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute arbitrary code at boot time. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-07 | Assigner cisco

Problem types

Improper Verification of Cryptographic Signature

Product status

15.0(1)XO1
affected

15.0(1)XO
affected

15.0(2)XO
affected

15.0(1)EY
affected

15.0(1)EY1
affected

15.0(1)EY2
affected

15.0(2)SE8
affected

15.0(1)EX
affected

15.0(2)EX
affected

15.0(2)EX1
affected

15.0(2)EX2
affected

15.0(2)EX3
affected

15.0(2)EX4
affected

15.0(2)EX5
affected

15.0(2)EX8
affected

15.0(2a)EX5
affected

15.0(2)EX10
affected

15.0(2)EX11
affected

15.0(2)EX13
affected

15.0(2)EX12
affected

15.2(2)E
affected

15.2(3)E
affected

15.2(2)E1
affected

15.2(4)E
affected

15.2(3)E1
affected

15.2(2)E2
affected

15.2(2a)E1
affected

15.2(2)E3
affected

15.2(2a)E2
affected

15.2(3)E2
affected

15.2(3a)E
affected

15.2(3)E3
affected

15.2(4)E1
affected

15.2(2)E4
affected

15.2(2)E5
affected

15.2(4)E2
affected

15.2(3)E4
affected

15.2(5)E
affected

15.2(4)E3
affected

15.2(2)E6
affected

15.2(5)E1
affected

15.2(5b)E
affected

15.2(2)E5a
affected

15.2(2)E5b
affected

15.2(4)E4
affected

15.2(2)E7
affected

15.2(5)E2
affected

15.2(6)E
affected

15.2(4)E5
affected

15.2(2)E8
affected

15.2(6)E0a
affected

15.2(6)E1
affected

15.2(6)E0c
affected

15.2(4)E6
affected

15.2(6)E2
affected

15.2(2)E9
affected

15.2(4)E7
affected

15.2(7)E
affected

15.2(2)E10
affected

15.2(4)E8
affected

15.2(6)E2a
affected

15.2(6)E2b
affected

15.2(7)E1
affected

15.2(7)E0a
affected

15.2(7)E0b
affected

15.2(7)E0s
affected

15.2(6)E3
affected

15.2(4)E9
affected

15.2(7)E2
affected

15.2(7a)E0b
affected

15.2(4)E10
affected

15.2(7)E3
affected

15.2(7)E1a
affected

15.2(7b)E0b
affected

15.2(7)E2a
affected

15.2(4)E10a
affected

15.2(7)E4
affected

15.2(7)E3k
affected

15.2(8)E
affected

15.2(8)E1
affected

15.2(7)E5
affected

15.2(7)E6
affected

15.2(8)E2
affected

15.2(4)E10d
affected

15.2(7)E7
affected

15.2(8)E3
affected

15.2(7)E8
affected

15.2(8)E4
affected

15.2(7)E9
affected

15.2(8)E5
affected

15.2(8)E6
affected

15.2(7)E10
affected

15.2(6)EB
affected

15.2(4)EA7
affected

15.2(4)EA8
affected

15.2(4)EA9
affected

15.2(4)EA9a
affected

15.0(2)SQD
affected

15.0(2)SQD1
affected

15.0(2)SQD2
affected

15.0(2)SQD3
affected

15.0(2)SQD4
affected

15.0(2)SQD5
affected

15.0(2)SQD6
affected

15.0(2)SQD7
affected

15.0(2)SQD8
affected

References

sec.cloudapps.cisco.com/...isco-sa-c2960-3560-sboot-ZtqADrHq (cisco-sa-c2960-3560-sboot-ZtqADrHq)

cve.org (CVE-2025-20181)

nvd.nist.gov (CVE-2025-20181)

Download JSON