CVE-2025-20181

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to missing signature verification for specific files that may be loaded during the device boot process. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute arbitrary code at boot time. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Published: 2025-05-07 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2025-20181 is rated Low Risk (29.2/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.16%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-20181

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.06% 0.16% +0.10%
2 2026-01-21 0.04% 0.06% +0.02%
3 2025-11-21 0.04%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-20181

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 3.0 MEDIUM
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:P)
Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 0.9 5.9 [email protected]

Weakness enumeration for CVE-2025-20181

Affected software / configurations for CVE-2025-20181

Vendor Product Version Raw CPE
cisco ios 15.0\(1\)ex cpe:2.3:o:cisco:ios:15.0\(1\)ex:*:*:*:*:*:*:*
cisco ios 15.0\(1\)ey cpe:2.3:o:cisco:ios:15.0\(1\)ey:*:*:*:*:*:*:*
cisco ios 15.0\(1\)ey1 cpe:2.3:o:cisco:ios:15.0\(1\)ey1:*:*:*:*:*:*:*
cisco ios 15.0\(1\)ey2 cpe:2.3:o:cisco:ios:15.0\(1\)ey2:*:*:*:*:*:*:*
cisco ios 15.0\(1\)xo cpe:2.3:o:cisco:ios:15.0\(1\)xo:*:*:*:*:*:*:*
cisco ios 15.0\(1\)xo1 cpe:2.3:o:cisco:ios:15.0\(1\)xo1:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex cpe:2.3:o:cisco:ios:15.0\(2\)ex:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex1 cpe:2.3:o:cisco:ios:15.0\(2\)ex1:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex2 cpe:2.3:o:cisco:ios:15.0\(2\)ex2:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex3 cpe:2.3:o:cisco:ios:15.0\(2\)ex3:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex4 cpe:2.3:o:cisco:ios:15.0\(2\)ex4:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex5 cpe:2.3:o:cisco:ios:15.0\(2\)ex5:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex8 cpe:2.3:o:cisco:ios:15.0\(2\)ex8:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex10 cpe:2.3:o:cisco:ios:15.0\(2\)ex10:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex11 cpe:2.3:o:cisco:ios:15.0\(2\)ex11:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex12 cpe:2.3:o:cisco:ios:15.0\(2\)ex12:*:*:*:*:*:*:*
cisco ios 15.0\(2\)ex13 cpe:2.3:o:cisco:ios:15.0\(2\)ex13:*:*:*:*:*:*:*
cisco ios 15.0\(2\)se8 cpe:2.3:o:cisco:ios:15.0\(2\)se8:*:*:*:*:*:*:*
cisco ios 15.0\(2\)sqd cpe:2.3:o:cisco:ios:15.0\(2\)sqd:*:*:*:*:*:*:*
cisco ios 15.0\(2\)sqd1 cpe:2.3:o:cisco:ios:15.0\(2\)sqd1:*:*:*:*:*:*:*
cisco ios 15.0\(2\)sqd2 cpe:2.3:o:cisco:ios:15.0\(2\)sqd2:*:*:*:*:*:*:*
cisco ios 15.0\(2\)sqd3 cpe:2.3:o:cisco:ios:15.0\(2\)sqd3:*:*:*:*:*:*:*
cisco ios 15.0\(2\)sqd4 cpe:2.3:o:cisco:ios:15.0\(2\)sqd4:*:*:*:*:*:*:*
cisco ios 15.0\(2\)sqd5 cpe:2.3:o:cisco:ios:15.0\(2\)sqd5:*:*:*:*:*:*:*
cisco ios 15.0\(2\)sqd6 cpe:2.3:o:cisco:ios:15.0\(2\)sqd6:*:*:*:*:*:*:*
cisco ios 15.0\(2\)sqd7 cpe:2.3:o:cisco:ios:15.0\(2\)sqd7:*:*:*:*:*:*:*
cisco ios 15.0\(2\)sqd8 cpe:2.3:o:cisco:ios:15.0\(2\)sqd8:*:*:*:*:*:*:*
cisco ios 15.0\(2\)xo cpe:2.3:o:cisco:ios:15.0\(2\)xo:*:*:*:*:*:*:*
cisco ios 15.0\(2a\)ex5 cpe:2.3:o:cisco:ios:15.0\(2a\)ex5:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e cpe:2.3:o:cisco:ios:15.2\(2\)e:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e1 cpe:2.3:o:cisco:ios:15.2\(2\)e1:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e2 cpe:2.3:o:cisco:ios:15.2\(2\)e2:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e3 cpe:2.3:o:cisco:ios:15.2\(2\)e3:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e4 cpe:2.3:o:cisco:ios:15.2\(2\)e4:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e5 cpe:2.3:o:cisco:ios:15.2\(2\)e5:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e5a cpe:2.3:o:cisco:ios:15.2\(2\)e5a:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e5b cpe:2.3:o:cisco:ios:15.2\(2\)e5b:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e6 cpe:2.3:o:cisco:ios:15.2\(2\)e6:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e7 cpe:2.3:o:cisco:ios:15.2\(2\)e7:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e8 cpe:2.3:o:cisco:ios:15.2\(2\)e8:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e9 cpe:2.3:o:cisco:ios:15.2\(2\)e9:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e10 cpe:2.3:o:cisco:ios:15.2\(2\)e10:*:*:*:*:*:*:*
cisco ios 15.2\(2a\)e1 cpe:2.3:o:cisco:ios:15.2\(2a\)e1:*:*:*:*:*:*:*
cisco ios 15.2\(2a\)e2 cpe:2.3:o:cisco:ios:15.2\(2a\)e2:*:*:*:*:*:*:*
cisco ios 15.2\(3\)e cpe:2.3:o:cisco:ios:15.2\(3\)e:*:*:*:*:*:*:*
cisco ios 15.2\(3\)e1 cpe:2.3:o:cisco:ios:15.2\(3\)e1:*:*:*:*:*:*:*
cisco ios 15.2\(3\)e2 cpe:2.3:o:cisco:ios:15.2\(3\)e2:*:*:*:*:*:*:*
cisco ios 15.2\(3\)e3 cpe:2.3:o:cisco:ios:15.2\(3\)e3:*:*:*:*:*:*:*
cisco ios 15.2\(3\)e4 cpe:2.3:o:cisco:ios:15.2\(3\)e4:*:*:*:*:*:*:*
cisco ios 15.2\(3a\)e cpe:2.3:o:cisco:ios:15.2\(3a\)e:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e cpe:2.3:o:cisco:ios:15.2\(4\)e:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e1 cpe:2.3:o:cisco:ios:15.2\(4\)e1:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e2 cpe:2.3:o:cisco:ios:15.2\(4\)e2:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e3 cpe:2.3:o:cisco:ios:15.2\(4\)e3:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e4 cpe:2.3:o:cisco:ios:15.2\(4\)e4:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e5 cpe:2.3:o:cisco:ios:15.2\(4\)e5:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e6 cpe:2.3:o:cisco:ios:15.2\(4\)e6:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e7 cpe:2.3:o:cisco:ios:15.2\(4\)e7:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e8 cpe:2.3:o:cisco:ios:15.2\(4\)e8:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e9 cpe:2.3:o:cisco:ios:15.2\(4\)e9:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e10 cpe:2.3:o:cisco:ios:15.2\(4\)e10:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e10a cpe:2.3:o:cisco:ios:15.2\(4\)e10a:*:*:*:*:*:*:*
cisco ios 15.2\(4\)e10d cpe:2.3:o:cisco:ios:15.2\(4\)e10d:*:*:*:*:*:*:*
cisco ios 15.2\(4\)ea7 cpe:2.3:o:cisco:ios:15.2\(4\)ea7:*:*:*:*:*:*:*
cisco ios 15.2\(4\)ea8 cpe:2.3:o:cisco:ios:15.2\(4\)ea8:*:*:*:*:*:*:*
cisco ios 15.2\(4\)ea9 cpe:2.3:o:cisco:ios:15.2\(4\)ea9:*:*:*:*:*:*:*
cisco ios 15.2\(4\)ea9a cpe:2.3:o:cisco:ios:15.2\(4\)ea9a:*:*:*:*:*:*:*
cisco ios 15.2\(5\)e cpe:2.3:o:cisco:ios:15.2\(5\)e:*:*:*:*:*:*:*
cisco ios 15.2\(5\)e1 cpe:2.3:o:cisco:ios:15.2\(5\)e1:*:*:*:*:*:*:*
cisco ios 15.2\(5\)e2 cpe:2.3:o:cisco:ios:15.2\(5\)e2:*:*:*:*:*:*:*
cisco ios 15.2\(5b\)e cpe:2.3:o:cisco:ios:15.2\(5b\)e:*:*:*:*:*:*:*
cisco ios 15.2\(6\)e cpe:2.3:o:cisco:ios:15.2\(6\)e:*:*:*:*:*:*:*
cisco ios 15.2\(6\)e0a cpe:2.3:o:cisco:ios:15.2\(6\)e0a:*:*:*:*:*:*:*
cisco ios 15.2\(6\)e0c cpe:2.3:o:cisco:ios:15.2\(6\)e0c:*:*:*:*:*:*:*
cisco ios 15.2\(6\)e1 cpe:2.3:o:cisco:ios:15.2\(6\)e1:*:*:*:*:*:*:*
cisco ios 15.2\(6\)e2 cpe:2.3:o:cisco:ios:15.2\(6\)e2:*:*:*:*:*:*:*
cisco ios 15.2\(6\)e2a cpe:2.3:o:cisco:ios:15.2\(6\)e2a:*:*:*:*:*:*:*
cisco ios 15.2\(6\)e2b cpe:2.3:o:cisco:ios:15.2\(6\)e2b:*:*:*:*:*:*:*
cisco ios 15.2\(6\)e3 cpe:2.3:o:cisco:ios:15.2\(6\)e3:*:*:*:*:*:*:*
cisco ios 15.2\(6\)eb cpe:2.3:o:cisco:ios:15.2\(6\)eb:*:*:*:*:*:*:*

References for CVE-2025-20181

cvelogic Threat Intelligence