
Cisco IOS XR Software Internet Key Exchange Version 2 Denial of Service Vulnerability (CVE-2025-20209)

CVE number: CVE-2025-20209

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.

This vulnerability is due to improper handling of malformed IKEv2 packets.

An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device.

A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition.

This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IOS XR Software and have IKEv2 enabled:

  • Network Convergence System (NCS) 540L
  • NCS 1004
  • NCS 1010
  • NCS 1014

To determine whether IKEv2 is configured on a device, use the show udp brief command and verify whether the device is listening on ports 4500 and 500. The following example shows CLI output on a device that is affected by this vulnerability:
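The advisory's CLI output is not reproduced on this page. As an added example that is not part of the Cisco advisory, the following Python script parses show udp brief output and reports whether the device is listening on UDP 500 and 4500; the sample output is constructed in the approximate IOS XR column layout and is an assumption, not captured device output.

```python
# Constructed sample in the approximate layout of IOS XR `show udp brief`.
# This is an assumed example, not the advisory's own CLI output.
SAMPLE_OUTPUT = """\
RP/0/RP0/CPU0:router#show udp brief
   PCB     Recv-Q Send-Q  Local Address       Foreign Address     VRF
0x4822f6c8      0      0  0.0.0.0:500         0.0.0.0:0           default
0x4822f9b0      0      0  0.0.0.0:4500        0.0.0.0:0           default
0x482314d8      0      0  :::500              :::0                default
0x48237150      0      0  :::4500             :::0                default
0x4823a2c0      0      0  0.0.0.0:161         0.0.0.0:0           default
"""

# The two ports the advisory names as the indicator that IKEv2 is configured.
IKEV2_PORTS = {500, 4500}


def listening_ports(output: str) -> set[int]:
    """Return the set of local UDP ports found in `show udp brief` output.

    Only socket rows (PCB column starting with 0x) are parsed; the prompt
    and header lines are skipped. The port is the text after the last ':'
    of the Local Address column, which also handles IPv6 wildcard entries
    such as ':::500'.
    """
    ports: set[int] = set()
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith("0x"):
            continue
        local_address = fields[3]
        _, _, port = local_address.rpartition(":")
        if port.isdigit():
            ports.add(int(port))
    return ports


def ikev2_listening(output: str) -> bool:
    """True when both IKEv2 ports are open, i.e. the device should be
    treated as exposed if it runs a vulnerable IOS XR release."""
    return IKEV2_PORTS <= listening_ports(output)


if __name__ == "__main__":
    print("UDP ports listening:", sorted(listening_ports(SAMPLE_OUTPUT)))
    print("IKEv2 appears enabled:", ikev2_listening(SAMPLE_OUTPUT))
```

Feed the script the real output of show udp brief from the device; a device showing only one of the two ports, or neither, is not flagged.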

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.
