| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| The vulnerability of Cisco IOS XE routers of the Cisco ASR 903, related to discrepancies in memory management procedures, allows attackers to trigger a service failure. | 27 Aug 202500:00 | – | bdu_fstec | |
| Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability | 7 May 202516:00 | – | cisco | |
| Cisco IOS XE 安全漏洞 | 7 May 202500:00 | – | cnnvd | |
| CVE-2025-20189 | 7 May 202517:35 | – | cve | |
| CVE-2025-20189 | 7 May 202517:35 | – | cvelist | |
| EUVD-2025-13902 | 3 Oct 202520:07 | – | euvd | |
| Vulnerabilities fixed in Cisco IOS XE Software | 8 May 202508:43 | – | ncsc | |
| CVE-2025-20189 | 7 May 202518:15 | – | nvd | |
| CVE-2025-20189 | 7 May 202518:15 | – | osv | |
| PT-2025-20261 · Cisco · Cisco Ios Xe | 7 May 202500:00 | – | ptsecurity |
#TRUSTED 148599b42132341c8fd773901614b73afd4bae03391c3ed59ede4c33fa891a3e7b17ab2340a385e2030585c613e906621f724fd927178effb701e6b8b708e6381a68c5a7a94a765a792e0394712ef70ed2ad7aca4659d776f0730cfffdc1d59ae73809a0818c4e187b4b9e44455c37b3b28db56a775d329970262a43b6a1b2fac88da6737007ebab60862a00c3b1246e9e755637b3f0f57c0a8e4e711d45b4d7c397c8f088aea5777c5d3760137889c78efcc2a7d85ec77a662d85d27373509187ed6fb9cdff5055f5da5f0804614a7acb81f541e25287cb32d51696a73c1bf54f8facd6a53653a8e7fea6d6c8cc5792f6faf8ac8f0e3f1f94fe29f9c998768766925da289ad7f954c5d0b6fab3a5180374ec8f34519bf99c8718526ebfa7f15c4ebec0a60a7a3e622c779ed6b894d44199fefe998542623069199725b9fabfe587945c8b6827b5ea01bc65c461c086d797c2c4e7070249207d4ecbaf360dfb77d1b8fe19848f6ef207f7da6669940416073204f6605f0adeb6ada9b50d0eeb0e25f928ca1b9fa1d019f26f161af6fae65d897d6a516f901f762627b9b917f8b4122109deec6bbebb6a7604ccb6b519828453283e60875180c2eaec90b79bba82796a29a6678c713f593fcee186071fc70d40319129c562bade24bea79ff23080916d35e1626d3f048381f2b030c16bbde7cd5c8d23d60ab581da0d02509f167
#TRUST-RSA-SHA256 841cccc4d7cf2a103455b88872d3874b86b68bc61fdc1ad53054b07c77d36cc5a58eb5b790a99c5d6869fde6005a50c1891d804a9c24814cf0d73ed3fbce9e2be4a4175b28f27ab738179db04146ffbc6d0eed5d9d033bc4db09471f3150665884e63717b8232d02b1db543a8d6ad0f054efb8a6c0798f12f165850cd48466d013b4bfef97887b4f3e9d053c23c0fd15f066465821585e98dd46b526bd419d57e9a58f4e69468dce394ef7492404060687709d9cac185523ebd1a54e895d95a2597cfaf4bdbd1e0f39f6732d1694027411df6e3a6a747d0da789a899e7811e47533f1fe36cc47af17cf9e00cf2a93da1fffbc5ada94485ef4a90fd31aced7b8571c8056b5416f8c90f8cc5f572a143e4e3d9c1ee95f1ca932352812b26d872c7654353b062c7c468d81391aa612125f4caa9f8aed9ca8d54c197e06f3e80145eb92ba20a16bc37267b73e97b38626a21015a346d181be4c17273ebf9645979d7da2c0d607b633c66c0bfccc5c656d92a13ef8d01d72700992e9090f98d27bfce1e49446ecc04e2f4c856271d30c080bbf193f5404395688d9418a3886b2927c73c03ed88eca9cb61c0dc00aeef96c0f17093e86783b44b45adf2bdfb284629814d62f22ebfd6833a83308f805e90ed2e7f103f553e78d081af6011b2147cb525f4d51f12bdec4c6148944b3a53c9eae3b5cd8a766501b8d4479e2f13288a8d97
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(325381);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/07");
script_cve_id("CVE-2025-20189");
script_xref(name:"CISCO-BUG-ID", value:"CSCwh55442");
script_xref(name:"CISCO-SA", value:"cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ");
script_xref(name:"IAVA", value:"2025-A-0318");
script_name(english:"Cisco IOS XE Software for ASR 903 Aggregation Services Routers ARP DoS (cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.
- A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903
Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated,
adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper
memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An
attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of
time to an affected device. A successful exploit could allow the attacker to exhaust system resources,
which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not
present, the router reloads. (CVE-2025-20189)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?572c13fe");
# https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?564dd2a1");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh55442");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwh55442");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-20189");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(762);
script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/07");
script_set_attribute(attribute:"patch_publication_date", value:"2025/05/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/07");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version", "Settings/ParanoidReport", "Host/Cisco/IOS-XE/Model");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
var model = toupper(product_info.model);
# Vulnerable model list
if ('ASR' >!< model || model !~ "903")
audit(AUDIT_HOST_NOT, 'affected');
var version_list=make_list(
'3.16.0S',
'3.16.0aS',
'3.16.0bS',
'3.16.0cS',
'3.16.1S',
'3.16.1aS',
'3.16.2S',
'3.16.2aS',
'3.16.2bS',
'3.16.3S',
'3.16.3aS',
'3.16.4S',
'3.16.4aS',
'3.16.4bS',
'3.16.4cS',
'3.16.4dS',
'3.16.4eS',
'3.16.4gS',
'3.16.5S',
'3.16.5aS',
'3.16.5bS',
'3.16.6S',
'3.16.6bS',
'3.16.7S',
'3.16.7aS',
'3.16.7bS',
'3.16.8S',
'3.16.9S',
'3.16.10S',
'3.16.10aS',
'3.16.10bS',
'3.17.0S',
'3.17.1S',
'3.17.1aS',
'3.17.2S',
'3.17.3S',
'3.17.4S',
'3.18.0S',
'3.18.0SP',
'3.18.0aS',
'3.18.1S',
'3.18.1SP',
'3.18.1aSP',
'3.18.1bSP',
'3.18.1cSP',
'3.18.1gSP',
'3.18.1hSP',
'3.18.1iSP',
'3.18.2S',
'3.18.2SP',
'3.18.2aSP',
'3.18.3S',
'3.18.3SP',
'3.18.3aSP',
'3.18.3bSP',
'3.18.4S',
'3.18.4SP',
'3.18.5SP',
'3.18.6SP',
'3.18.7SP',
'3.18.8aSP',
'3.18.9SP',
'16.1.1',
'16.1.2',
'16.1.3',
'16.2.1',
'16.2.2',
'16.3.1',
'16.3.1a',
'16.3.2',
'16.3.3',
'16.3.4',
'16.3.5',
'16.3.5b',
'16.3.6',
'16.3.7',
'16.3.8',
'16.3.9',
'16.3.10',
'16.3.11',
'16.4.1',
'16.4.2',
'16.4.3',
'16.5.1',
'16.5.1a',
'16.5.1b',
'16.5.2',
'16.5.3',
'16.6.1',
'16.6.2',
'16.6.3',
'16.6.4',
'16.6.4a',
'16.6.4s',
'16.6.5',
'16.6.5a',
'16.6.5b',
'16.6.6',
'16.6.7',
'16.6.7a',
'16.6.8',
'16.6.9',
'16.6.10',
'16.7.1',
'16.7.1a',
'16.7.1b',
'16.7.2',
'16.7.3',
'16.7.4',
'16.8.1',
'16.8.1a',
'16.8.1b',
'16.8.1c',
'16.8.1d',
'16.8.1e',
'16.8.1s',
'16.8.2',
'16.8.3',
'16.9.1',
'16.9.1a',
'16.9.1b',
'16.9.1c',
'16.9.1d',
'16.9.1s',
'16.9.2',
'16.9.2a',
'16.9.2s',
'16.9.3',
'16.9.3a',
'16.9.3h',
'16.9.3s',
'16.9.4',
'16.9.4c',
'16.9.5',
'16.9.5f',
'16.9.6',
'16.9.7',
'16.9.8',
'16.9.8a',
'16.9.8b',
'16.10.1',
'16.10.1a',
'16.10.1b',
'16.10.1c',
'16.10.1d',
'16.10.1e',
'16.10.1f',
'16.10.1g',
'16.10.1s',
'16.10.2',
'16.10.3',
'16.11.1',
'16.11.1a',
'16.11.1b',
'16.11.1c',
'16.11.1s',
'16.11.2',
'16.12.1',
'16.12.1a',
'16.12.1c',
'16.12.1s',
'16.12.1t',
'16.12.1w',
'16.12.1x',
'16.12.1y',
'16.12.1z',
'16.12.1z1',
'16.12.1z2',
'16.12.2',
'16.12.2a',
'16.12.2s',
'16.12.2t',
'16.12.3',
'16.12.3a',
'16.12.3s',
'16.12.4',
'16.12.4a',
'16.12.5',
'16.12.5a',
'16.12.5b',
'16.12.6',
'16.12.6a',
'16.12.7',
'16.12.8',
'16.12.9',
'16.12.10',
'16.12.10a',
'16.12.11',
'16.12.12',
'16.12.13',
'17.1.1',
'17.1.1a',
'17.1.1s',
'17.1.1t',
'17.1.2',
'17.1.3',
'17.2.1',
'17.2.1a',
'17.2.1r',
'17.2.1v',
'17.2.2',
'17.2.3',
'17.3.1',
'17.3.1a',
'17.3.1w',
'17.3.1x',
'17.3.1z',
'17.3.2',
'17.3.2a',
'17.3.3',
'17.3.3a',
'17.3.4',
'17.3.4a',
'17.3.4b',
'17.3.4c',
'17.3.5',
'17.3.5a',
'17.3.5b',
'17.3.6',
'17.3.7',
'17.3.8',
'17.3.8a',
'17.4.1',
'17.4.1a',
'17.4.1b',
'17.4.1c',
'17.4.2',
'17.4.2a',
'17.5.1',
'17.5.1a',
'17.5.1b',
'17.5.1c',
'17.6.1',
'17.6.1a',
'17.6.1w',
'17.6.1x',
'17.6.1y',
'17.6.1z',
'17.6.1z1',
'17.6.2',
'17.6.3',
'17.6.3a',
'17.6.4',
'17.6.5',
'17.6.5a',
'17.6.6',
'17.6.6a',
'17.6.7',
'17.6.8',
'17.6.8a',
'17.7.1',
'17.7.1a',
'17.7.1b',
'17.7.2',
'17.8.1',
'17.8.1a',
'17.9.1',
'17.9.1a',
'17.9.1w',
'17.9.1x',
'17.9.1x1',
'17.9.1y',
'17.9.1y1',
'17.9.2',
'17.9.2a',
'17.9.3',
'17.9.3a',
'17.9.4',
'17.9.4a',
'17.9.5',
'17.9.5a',
'17.9.5b',
'17.9.5c',
'17.9.5d',
'17.9.5e',
'17.9.5f',
'17.9.6',
'17.9.6a',
'17.9.6b',
'17.10.1',
'17.10.1a',
'17.10.1b',
'17.11.1',
'17.11.1a',
'17.12.1',
'17.12.1w',
'17.12.1x',
'17.12.1y',
'17.12.1z',
'17.12.1z1',
'17.12.2',
'17.12.2a',
'17.12.3',
'17.12.3a',
'17.12.4',
'17.12.4a',
'17.12.4b',
'17.13.1',
'17.13.1a',
'17.14.1',
'17.14.1a'
);
var reporting = make_array(
'port' , product_info['port'],
'severity', SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCwh55442'
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_versions:version_list
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation