Cisco IOS, IOS XE, and Secure Firewall Flaws Allow Remote DoS Attacks

Cisco Systems has issued a high-priority security advisory addressing multiple critical vulnerabilities in the Internet Key Exchange Version 2 (IKEv2) feature across its networking and security product portfolio.

Published on August 14, 2025, the advisory warns of six separate vulnerabilities that could enable unauthenticated remote attackers to launch denial-of-service attacks against affected devices, potentially causing system crashes and service disruptions.

Critical Flaws Enable Remote DoS

The vulnerabilities, tracked under CVE identifiers CVE-2025-20224, CVE-2025-20225, CVE-2025-20239, CVE-2025-20252, CVE-2025-20253, and CVE-2025-20254, stem from improper processing of IKEv2 packets within Cisco’s software implementations.

The most severe vulnerability, CVE-2025-20253, carries a CVSS base score of 8.6, indicating high severity with the potential for significant impact on affected systems.

These flaws present several attack vectors and potential impacts:

• Attack Method: Attackers can exploit the IKEv2 protocol by sending specially crafted packets to vulnerable devices.
• Resource Exhaustion: Successful exploitation can result in infinite ...