How severe is CVE-2025-20144?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4 out of 10.

What type of vulnerability is CVE-2025-20144?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-20144 - MEDIUM Severity | CVSS 4

Vulnerability Description

A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2018-15398

MEDIUM

CVSS:4.0(Medium)

A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker t...

CWE-2842018

CVE-2019-10187

MEDIUM

CVSS:4.0(Medium)

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct acces...

CWE-2842019

CVE-2019-10188

MEDIUM

CVSS:4.0(Medium)

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz.

CWE-2842019

CVE-2019-10189

MEDIUM

CVSS:4.0(Medium)

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.

CWE-2842019

CVE-2022-38388

MEDIUM

CVSS:4.0(Medium)

IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.

CWE-2842022

CVE-2024-20065

MEDIUM

CVSS:4.0(Medium)

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interac...

CWE-2842024