{"vulnerability": "CVE-2025-20115", "sightings": [{"uuid": "19ff23e6-fd6a-45a6-8fab-472d786d87fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-20115", "type": "seen", "source": "https://infosec.exchange/users/patrickcmiller/statuses/114181126360727469", "content": "", "creation_timestamp": "2025-03-18T02:42:03.149521Z"}, {"uuid": "fb617e73-8a5f-4436-8cf3-a36aff69cfb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/empist.bsky.social/post/3lkeetx5bws23", "content": "", "creation_timestamp": "2025-03-14T19:47:07.890791Z"}, {"uuid": "8081d3ee-9207-4051-89c0-5b62d723cfa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/calebpr.bsky.social/post/3lkk4y5x3yy2p", "content": "", "creation_timestamp": "2025-03-17T02:42:13.297792Z"}, {"uuid": "b80d586b-35be-4da9-a836-ff1797f3cdeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-20115", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lkd2pl2q5k27", "content": "", "creation_timestamp": "2025-03-14T07:13:06.880413Z"}, {"uuid": "99e8f508-993d-4381-af09-48b2d89f51f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114150716852953937", "content": "", "creation_timestamp": "2025-03-12T17:48:30.644201Z"}, {"uuid": "87ea8d74-1e6a-4daf-94d6-f6f26974a394", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114151010071305070", "content": "", "creation_timestamp": "2025-03-12T19:03:04.340776Z"}, {"uuid": "a358670a-51ae-45dd-a434-8cda8116ea85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lkgdzbmzpf2d", "content": "", "creation_timestamp": "2025-03-15T14:37:27.977652Z"}, {"uuid": "b1a3beb3-9c67-4bb1-b631-8d05a8dd0bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3lkfzcxtto42d", "content": "", "creation_timestamp": "2025-03-15T11:26:03.011236Z"}, {"uuid": "acdc8b8e-5bee-4dbe-8d8e-243cd34d476f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/defendopsdiaries.bsky.social/post/3lke3aypk432l", "content": "", "creation_timestamp": "2025-03-14T16:55:24.709860Z"}, {"uuid": "d96e7117-b814-46c3-8710-ee1a40db66ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/royans.bsky.social/post/3lkid4sttci26", "content": "", "creation_timestamp": "2025-03-16T09:26:53.082047Z"}, {"uuid": "7e58da30-c56a-4949-98f1-1b8f292b75ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3lke43pe6uj2s", "content": "", "creation_timestamp": "2025-03-14T17:10:20.708025Z"}, {"uuid": "831ee53f-7f71-4c68-ab61-c74c99e8a088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-948b45c4-e87c79c994e39b2d", "content": "", "creation_timestamp": "2025-03-14T14:54:13.811503Z"}, {"uuid": "3bbeb31d-5f8a-487d-97f7-6a688bdeaedc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lojwog7a2s2w", "content": "", "creation_timestamp": "2025-05-06T22:30:10.935632Z"}, {"uuid": "dfa71a76-72f0-4ff0-817d-3579a51f0c49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8450", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20115\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)\n\ud83d\udd39 Description: A vulnerability in confederation implementation for the Border Gateway Protocol (BGP)&nbsp;in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThis vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.\n\ud83d\udccf Published: 2025-03-12T16:11:58.731Z\n\ud83d\udccf Modified: 2025-03-21T20:35:55.101Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX\n2. https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/", "creation_timestamp": "2025-03-21T21:22:12.000000Z"}, {"uuid": "28db0e2c-e48d-4f40-9a85-5d0a75b18b8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://t.me/cvedetector/20162", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20115 - Cisco IOS XR BGP Confederation Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-20115 \nPublished : March 12, 2025, 4:15 p.m. | 2\u00a0hours, 58\u00a0minutes ago \nDescription : A vulnerability in confederation implementation for the Border Gateway Protocol (BGP)\u00a0in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.  \n  \nThis vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-12T20:23:16.000000Z"}, {"uuid": "8e9a139e-7800-41b1-92bd-12fdf203e47e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "https://t.me/cybersecplayground/135", "content": "\ud83d\udea8 Security Alert: CVE-2025-20115 \ud83d\udea8\n\n\ud83d\udd25 Cisco IOS XR BGP Confederation DoS Vulnerability \u2013 Denial of Service (DoS) Risk\n\n\ud83d\udccc What\u2019s the risk?\nA newly disclosed Denial of Service (DoS) vulnerability in Cisco IOS XR Software affects Border Gateway Protocol (BGP) Confederations, potentially allowing attackers to disrupt network traffic on affected devices.\n\n\ud83d\udd0d Key Details:\n\n\ud83d\udccc Affected Product: Cisco IOS XR Software\n\u26a0\ufe0f Impact: Attackers can exploit this flaw to trigger a DoS condition, taking down network routers\n\ud83d\udcca 1,300+ exposed instances detected on Hunter\n\ud83d\udea8 Actively scanned and exploited in the wild\n\ud83d\udd0e How to find vulnerable instances?\n\ud83d\udcbb HUNTER Query: product.name=\"Cisco IOS-XR\"\n\ud83d\udd17 Hunter Link: https://hunter.how/list...\n\ud83d\udcca Alternative Searches:\n\nFOFA Query: product=\"CISCO-IOS-XR\"\nSHODAN Query: os:\"Cisco IOS XR\"\n\n\ud83d\udcdc Official Cisco Advisory:\n\ud83d\udd17 Cisco Security Advisory\n\ud83d\udcf0 More Details: Security Online Info\n\n\ud83d\udd14 Mitigation Steps:\n\u2705 Apply the latest patches from Cisco ASAP\n\u2705 Restrict access to BGP configurations\n\u2705 Monitor logs for abnormal BGP traffic and DoS attempts\n\n\ud83d\udd34 Stay updated on cybersecurity threats!\n\ud83d\udd17 @cybersecplayground for real-time security alerts.\n\n#Cisco #hunterhow #infosec #infosecurity #OSINT #Vulnerability \ud83d\udea8", "creation_timestamp": "2025-03-15T10:14:51.000000Z"}, {"uuid": "44038e7e-7888-4e0a-bb04-f0ebec5cb815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "Telegram/Ro0F6VMj5kR3HHjRTVzXmiHdU3QpurlhOabUjeiHP7ZZPiI", "content": "", "creation_timestamp": "2025-03-15T11:38:50.000000Z"}, {"uuid": "8c71d78e-fcf0-4946-ac80-a457222a9bd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "Telegram/abCwwu11Msn-Gx-FGZjfWAh86KctV0VJ2Y6NE-mMeLtX8Qk", "content": "", "creation_timestamp": "2025-03-15T22:15:19.000000Z"}, {"uuid": "8ba80897-bfd2-4792-99d2-573a001cd4de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "Telegram/Id0_l-YMbIe5lPiRsaIR99iGIBaxH0HP56tryeUJxy1-2Xs", "content": "", "creation_timestamp": "2025-03-15T16:59:42.000000Z"}, {"uuid": "174aeecc-4683-4746-8414-56a1861a45a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "Telegram/zda-y5Cii3BeFgcb3DAfU2WKQLQ1BfmsaQPr-1--UwXwpSI", "content": "", "creation_timestamp": "2025-03-15T11:39:52.000000Z"}]}