Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2025-20189

Mismatched Memory Management Routines

Published: May 07, 2025 | Modified: Aug 05, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2025-20189
CWEhttps://cwe.mitre.org/data/definitions/762.html

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads.

Weakness

The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.

Affected Software

Name Vendor Start Version End Version
Ios_xe Cisco 3.16.0cs (including) 3.16.0cs (including)
Ios_xe Cisco 3.16.0s (including) 3.16.0s (including)
Ios_xe Cisco 3.16.1as (including) 3.16.1as (including)
Ios_xe Cisco 3.16.1s (including) 3.16.1s (including)
Ios_xe Cisco 3.16.2as (including) 3.16.2as (including)
Ios_xe Cisco 3.16.2bs (including) 3.16.2bs (including)
Ios_xe Cisco 3.16.2s (including) 3.16.2s (including)
Ios_xe Cisco 3.16.3as (including) 3.16.3as (including)
Ios_xe Cisco 3.16.3s (including) 3.16.3s (including)
Ios_xe Cisco 3.16.4as (including) 3.16.4as (including)
Ios_xe Cisco 3.16.4bs (including) 3.16.4bs (including)
Ios_xe Cisco 3.16.4ds (including) 3.16.4ds (including)
Ios_xe Cisco 3.16.4s (including) 3.16.4s (including)
Ios_xe Cisco 3.16.5s (including) 3.16.5s (including)
Ios_xe Cisco 3.16.6bs (including) 3.16.6bs (including)
Ios_xe Cisco 3.16.6s (including) 3.16.6s (including)
Ios_xe Cisco 3.16.7as (including) 3.16.7as (including)
Ios_xe Cisco 3.16.7bs (including) 3.16.7bs (including)
Ios_xe Cisco 3.16.7s (including) 3.16.7s (including)
Ios_xe Cisco 3.16.8s (including) 3.16.8s (including)
Ios_xe Cisco 3.16.9s (including) 3.16.9s (including)
Ios_xe Cisco 3.16.10s (including) 3.16.10s (including)
Ios_xe Cisco 3.17.0s (including) 3.17.0s (including)
Ios_xe Cisco 3.17.1as (including) 3.17.1as (including)
Ios_xe Cisco 3.17.1s (including) 3.17.1s (including)
Ios_xe Cisco 3.17.2s (including) 3.17.2s (including)
Ios_xe Cisco 3.17.3s (including) 3.17.3s (including)
Ios_xe Cisco 3.17.4s (including) 3.17.4s (including)
Ios_xe Cisco 3.18.0as (including) 3.18.0as (including)
Ios_xe Cisco 3.18.0s (including) 3.18.0s (including)
Ios_xe Cisco 3.18.0sp (including) 3.18.0sp (including)
Ios_xe Cisco 3.18.1asp (including) 3.18.1asp (including)
Ios_xe Cisco 3.18.1bsp (including) 3.18.1bsp (including)
Ios_xe Cisco 3.18.1csp (including) 3.18.1csp (including)
Ios_xe Cisco 3.18.1s (including) 3.18.1s (including)
Ios_xe Cisco 3.18.1sp (including) 3.18.1sp (including)
Ios_xe Cisco 3.18.2asp (including) 3.18.2asp (including)
Ios_xe Cisco 3.18.2s (including) 3.18.2s (including)
Ios_xe Cisco 3.18.2sp (including) 3.18.2sp (including)
Ios_xe Cisco 3.18.3asp (including) 3.18.3asp (including)
Ios_xe Cisco 3.18.3bsp (including) 3.18.3bsp (including)
Ios_xe Cisco 3.18.3s (including) 3.18.3s (including)
Ios_xe Cisco 3.18.3sp (including) 3.18.3sp (including)
Ios_xe Cisco 3.18.4s (including) 3.18.4s (including)
Ios_xe Cisco 3.18.4sp (including) 3.18.4sp (including)
Ios_xe Cisco 3.18.5sp (including) 3.18.5sp (including)
Ios_xe Cisco 3.18.6sp (including) 3.18.6sp (including)
Ios_xe Cisco 3.18.7sp (including) 3.18.7sp (including)
Ios_xe Cisco 3.18.8asp (including) 3.18.8asp (including)
Ios_xe Cisco 3.18.9sp (including) 3.18.9sp (including)
Ios_xe Cisco 16.1.1 (including) 16.1.1 (including)
Ios_xe Cisco 16.1.2 (including) 16.1.2 (including)
Ios_xe Cisco 16.1.3 (including) 16.1.3 (including)
Ios_xe Cisco 16.2.1 (including) 16.2.1 (including)
Ios_xe Cisco 16.2.2 (including) 16.2.2 (including)
Ios_xe Cisco 16.3.1 (including) 16.3.1 (including)
Ios_xe Cisco 16.3.1a (including) 16.3.1a (including)
Ios_xe Cisco 16.3.2 (including) 16.3.2 (including)
Ios_xe Cisco 16.3.3 (including) 16.3.3 (including)
Ios_xe Cisco 16.3.4 (including) 16.3.4 (including)
Ios_xe Cisco 16.3.5 (including) 16.3.5 (including)
Ios_xe Cisco 16.3.5b (including) 16.3.5b (including)
Ios_xe Cisco 16.3.6 (including) 16.3.6 (including)
Ios_xe Cisco 16.3.7 (including) 16.3.7 (including)
Ios_xe Cisco 16.3.8 (including) 16.3.8 (including)
Ios_xe Cisco 16.3.9 (including) 16.3.9 (including)
Ios_xe Cisco 16.3.10 (including) 16.3.10 (including)
Ios_xe Cisco 16.3.11 (including) 16.3.11 (including)
Ios_xe Cisco 16.4.1 (including) 16.4.1 (including)
Ios_xe Cisco 16.4.2 (including) 16.4.2 (including)
Ios_xe Cisco 16.4.3 (including) 16.4.3 (including)
Ios_xe Cisco 16.5.1 (including) 16.5.1 (including)
Ios_xe Cisco 16.5.1a (including) 16.5.1a (including)
Ios_xe Cisco 16.5.1b (including) 16.5.1b (including)
Ios_xe Cisco 16.5.2 (including) 16.5.2 (including)
Ios_xe Cisco 16.5.3 (including) 16.5.3 (including)
Ios_xe Cisco 16.6.1 (including) 16.6.1 (including)
Ios_xe Cisco 16.6.2 (including) 16.6.2 (including)
Ios_xe Cisco 16.6.3 (including) 16.6.3 (including)
Ios_xe Cisco 16.6.4 (including) 16.6.4 (including)
Ios_xe Cisco 16.6.4a (including) 16.6.4a (including)
Ios_xe Cisco 16.6.5 (including) 16.6.5 (including)
Ios_xe Cisco 16.6.5a (including) 16.6.5a (including)
Ios_xe Cisco 16.6.6 (including) 16.6.6 (including)
Ios_xe Cisco 16.6.7 (including) 16.6.7 (including)
Ios_xe Cisco 16.6.8 (including) 16.6.8 (including)
Ios_xe Cisco 16.6.9 (including) 16.6.9 (including)
Ios_xe Cisco 16.6.10 (including) 16.6.10 (including)
Ios_xe Cisco 16.7.1 (including) 16.7.1 (including)
Ios_xe Cisco 16.7.1a (including) 16.7.1a (including)
Ios_xe Cisco 16.7.1b (including) 16.7.1b (including)
Ios_xe Cisco 16.7.2 (including) 16.7.2 (including)
Ios_xe Cisco 16.7.3 (including) 16.7.3 (including)
Ios_xe Cisco 16.7.4 (including) 16.7.4 (including)
Ios_xe Cisco 16.8.1 (including) 16.8.1 (including)
Ios_xe Cisco 16.8.1a (including) 16.8.1a (including)
Ios_xe Cisco 16.8.1b (including) 16.8.1b (including)
Ios_xe Cisco 16.8.1c (including) 16.8.1c (including)
Ios_xe Cisco 16.8.1d (including) 16.8.1d (including)
Ios_xe Cisco 16.8.1e (including) 16.8.1e (including)
Ios_xe Cisco 16.8.1s (including) 16.8.1s (including)
Ios_xe Cisco 16.8.2 (including) 16.8.2 (including)
Ios_xe Cisco 16.8.3 (including) 16.8.3 (including)
Ios_xe Cisco 16.9.1 (including) 16.9.1 (including)
Ios_xe Cisco 16.9.1a (including) 16.9.1a (including)
Ios_xe Cisco 16.9.1b (including) 16.9.1b (including)
Ios_xe Cisco 16.9.1s (including) 16.9.1s (including)
Ios_xe Cisco 16.9.2 (including) 16.9.2 (including)
Ios_xe Cisco 16.9.3 (including) 16.9.3 (including)
Ios_xe Cisco 16.9.3a (including) 16.9.3a (including)
Ios_xe Cisco 16.9.4 (including) 16.9.4 (including)
Ios_xe Cisco 16.9.5 (including) 16.9.5 (including)
Ios_xe Cisco 16.9.5f (including) 16.9.5f (including)
Ios_xe Cisco 16.9.6 (including) 16.9.6 (including)
Ios_xe Cisco 16.9.7 (including) 16.9.7 (including)
Ios_xe Cisco 16.9.8 (including) 16.9.8 (including)
Ios_xe Cisco 16.10.1 (including) 16.10.1 (including)
Ios_xe Cisco 16.10.1a (including) 16.10.1a (including)
Ios_xe Cisco 16.10.1b (including) 16.10.1b (including)
Ios_xe Cisco 16.10.1c (including) 16.10.1c (including)
Ios_xe Cisco 16.10.1d (including) 16.10.1d (including)
Ios_xe Cisco 16.10.1e (including) 16.10.1e (including)
Ios_xe Cisco 16.10.1f (including) 16.10.1f (including)
Ios_xe Cisco 16.10.1g (including) 16.10.1g (including)
Ios_xe Cisco 16.10.1s (including) 16.10.1s (including)
Ios_xe Cisco 16.10.2 (including) 16.10.2 (including)
Ios_xe Cisco 16.10.3 (including) 16.10.3 (including)
Ios_xe Cisco 16.11.1 (including) 16.11.1 (including)
Ios_xe Cisco 16.11.1a (including) 16.11.1a (including)
Ios_xe Cisco 16.11.1b (including) 16.11.1b (including)
Ios_xe Cisco 16.11.1s (including) 16.11.1s (including)
Ios_xe Cisco 16.11.2 (including) 16.11.2 (including)
Ios_xe Cisco 16.12.1 (including) 16.12.1 (including)
Ios_xe Cisco 16.12.1a (including) 16.12.1a (including)
Ios_xe Cisco 16.12.1c (including) 16.12.1c (including)
Ios_xe Cisco 16.12.1s (including) 16.12.1s (including)
Ios_xe Cisco 16.12.1t (including) 16.12.1t (including)
Ios_xe Cisco 16.12.1w (including) 16.12.1w (including)
Ios_xe Cisco 16.12.1x (including) 16.12.1x (including)
Ios_xe Cisco 16.12.1y (including) 16.12.1y (including)
Ios_xe Cisco 16.12.1z1 (including) 16.12.1z1 (including)
Ios_xe Cisco 16.12.1z2 (including) 16.12.1z2 (including)
Ios_xe Cisco 16.12.2 (including) 16.12.2 (including)
Ios_xe Cisco 16.12.2a (including) 16.12.2a (including)
Ios_xe Cisco 16.12.2s (including) 16.12.2s (including)
Ios_xe Cisco 16.12.3 (including) 16.12.3 (including)
Ios_xe Cisco 16.12.3a (including) 16.12.3a (including)
Ios_xe Cisco 16.12.3s (including) 16.12.3s (including)
Ios_xe Cisco 16.12.4 (including) 16.12.4 (including)
Ios_xe Cisco 16.12.4a (including) 16.12.4a (including)
Ios_xe Cisco 16.12.5 (including) 16.12.5 (including)
Ios_xe Cisco 16.12.5a (including) 16.12.5a (including)
Ios_xe Cisco 16.12.5b (including) 16.12.5b (including)
Ios_xe Cisco 16.12.6 (including) 16.12.6 (including)
Ios_xe Cisco 16.12.6a (including) 16.12.6a (including)
Ios_xe Cisco 16.12.7 (including) 16.12.7 (including)
Ios_xe Cisco 16.12.8 (including) 16.12.8 (including)
Ios_xe Cisco 16.12.9 (including) 16.12.9 (including)
Ios_xe Cisco 16.12.10 (including) 16.12.10 (including)
Ios_xe Cisco 16.12.10a (including) 16.12.10a (including)
Ios_xe Cisco 16.12.11 (including) 16.12.11 (including)
Ios_xe Cisco 16.12.12 (including) 16.12.12 (including)
Ios_xe Cisco 16.12.13 (including) 16.12.13 (including)
Ios_xe Cisco 17.1.1 (including) 17.1.1 (including)
Ios_xe Cisco 17.1.1a (including) 17.1.1a (including)
Ios_xe Cisco 17.1.1s (including) 17.1.1s (including)
Ios_xe Cisco 17.1.1t (including) 17.1.1t (including)
Ios_xe Cisco 17.1.3 (including) 17.1.3 (including)
Ios_xe Cisco 17.2.1 (including) 17.2.1 (including)
Ios_xe Cisco 17.2.1a (including) 17.2.1a (including)
Ios_xe Cisco 17.2.1r (including) 17.2.1r (including)
Ios_xe Cisco 17.2.1v (including) 17.2.1v (including)
Ios_xe Cisco 17.2.2 (including) 17.2.2 (including)
Ios_xe Cisco 17.2.3 (including) 17.2.3 (including)
Ios_xe Cisco 17.3.1 (including) 17.3.1 (including)
Ios_xe Cisco 17.3.1a (including) 17.3.1a (including)
Ios_xe Cisco 17.3.1w (including) 17.3.1w (including)
Ios_xe Cisco 17.3.1x (including) 17.3.1x (including)
Ios_xe Cisco 17.3.1z (including) 17.3.1z (including)
Ios_xe Cisco 17.3.2 (including) 17.3.2 (including)
Ios_xe Cisco 17.3.2a (including) 17.3.2a (including)
Ios_xe Cisco 17.3.3 (including) 17.3.3 (including)
Ios_xe Cisco 17.3.4 (including) 17.3.4 (including)
Ios_xe Cisco 17.3.4a (including) 17.3.4a (including)
Ios_xe Cisco 17.3.4b (including) 17.3.4b (including)
Ios_xe Cisco 17.3.4c (including) 17.3.4c (including)
Ios_xe Cisco 17.3.5 (including) 17.3.5 (including)
Ios_xe Cisco 17.3.5a (including) 17.3.5a (including)
Ios_xe Cisco 17.3.5b (including) 17.3.5b (including)
Ios_xe Cisco 17.3.6 (including) 17.3.6 (including)
Ios_xe Cisco 17.3.7 (including) 17.3.7 (including)
Ios_xe Cisco 17.3.8 (including) 17.3.8 (including)
Ios_xe Cisco 17.3.8a (including) 17.3.8a (including)
Ios_xe Cisco 17.4.1 (including) 17.4.1 (including)
Ios_xe Cisco 17.4.1a (including) 17.4.1a (including)
Ios_xe Cisco 17.4.1b (including) 17.4.1b (including)
Ios_xe Cisco 17.4.2 (including) 17.4.2 (including)
Ios_xe Cisco 17.4.2a (including) 17.4.2a (including)
Ios_xe Cisco 17.5.1 (including) 17.5.1 (including)
Ios_xe Cisco 17.5.1a (including) 17.5.1a (including)
Ios_xe Cisco 17.6.1 (including) 17.6.1 (including)
Ios_xe Cisco 17.6.1a (including) 17.6.1a (including)
Ios_xe Cisco 17.6.1w (including) 17.6.1w (including)
Ios_xe Cisco 17.6.1x (including) 17.6.1x (including)
Ios_xe Cisco 17.6.1y (including) 17.6.1y (including)
Ios_xe Cisco 17.6.1z (including) 17.6.1z (including)
Ios_xe Cisco 17.6.1z1 (including) 17.6.1z1 (including)
Ios_xe Cisco 17.6.2 (including) 17.6.2 (including)
Ios_xe Cisco 17.6.3 (including) 17.6.3 (including)
Ios_xe Cisco 17.6.3a (including) 17.6.3a (including)
Ios_xe Cisco 17.6.4 (including) 17.6.4 (including)
Ios_xe Cisco 17.6.5 (including) 17.6.5 (including)
Ios_xe Cisco 17.6.5a (including) 17.6.5a (including)
Ios_xe Cisco 17.6.6 (including) 17.6.6 (including)
Ios_xe Cisco 17.6.6a (including) 17.6.6a (including)
Ios_xe Cisco 17.6.7 (including) 17.6.7 (including)
Ios_xe Cisco 17.6.8 (including) 17.6.8 (including)
Ios_xe Cisco 17.6.8a (including) 17.6.8a (including)
Ios_xe Cisco 17.7.1 (including) 17.7.1 (including)
Ios_xe Cisco 17.7.1a (including) 17.7.1a (including)
Ios_xe Cisco 17.7.1b (including) 17.7.1b (including)
Ios_xe Cisco 17.7.2 (including) 17.7.2 (including)
Ios_xe Cisco 17.8.1 (including) 17.8.1 (including)
Ios_xe Cisco 17.8.1a (including) 17.8.1a (including)
Ios_xe Cisco 17.9.1 (including) 17.9.1 (including)
Ios_xe Cisco 17.9.1a (including) 17.9.1a (including)
Ios_xe Cisco 17.9.1w (including) 17.9.1w (including)
Ios_xe Cisco 17.9.1x (including) 17.9.1x (including)
Ios_xe Cisco 17.9.1x1 (including) 17.9.1x1 (including)
Ios_xe Cisco 17.9.1y (including) 17.9.1y (including)
Ios_xe Cisco 17.9.1y1 (including) 17.9.1y1 (including)
Ios_xe Cisco 17.9.2 (including) 17.9.2 (including)
Ios_xe Cisco 17.9.2a (including) 17.9.2a (including)
Ios_xe Cisco 17.9.3 (including) 17.9.3 (including)
Ios_xe Cisco 17.9.3a (including) 17.9.3a (including)
Ios_xe Cisco 17.9.4 (including) 17.9.4 (including)
Ios_xe Cisco 17.9.4a (including) 17.9.4a (including)
Ios_xe Cisco 17.9.5 (including) 17.9.5 (including)
Ios_xe Cisco 17.9.5a (including) 17.9.5a (including)
Ios_xe Cisco 17.9.5b (including) 17.9.5b (including)
Ios_xe Cisco 17.9.5e (including) 17.9.5e (including)
Ios_xe Cisco 17.9.5f (including) 17.9.5f (including)
Ios_xe Cisco 17.9.6 (including) 17.9.6 (including)
Ios_xe Cisco 17.9.6a (including) 17.9.6a (including)
Ios_xe Cisco 17.10.1 (including) 17.10.1 (including)
Ios_xe Cisco 17.10.1a (including) 17.10.1a (including)
Ios_xe Cisco 17.10.1b (including) 17.10.1b (including)
Ios_xe Cisco 17.11.1 (including) 17.11.1 (including)
Ios_xe Cisco 17.11.1a (including) 17.11.1a (including)
Ios_xe Cisco 17.12.1 (including) 17.12.1 (including)
Ios_xe Cisco 17.12.1w (including) 17.12.1w (including)
Ios_xe Cisco 17.12.1x (including) 17.12.1x (including)
Ios_xe Cisco 17.12.1y (including) 17.12.1y (including)
Ios_xe Cisco 17.12.1z (including) 17.12.1z (including)
Ios_xe Cisco 17.12.1z1 (including) 17.12.1z1 (including)
Ios_xe Cisco 17.12.2 (including) 17.12.2 (including)
Ios_xe Cisco 17.12.2a (including) 17.12.2a (including)
Ios_xe Cisco 17.12.3 (including) 17.12.3 (including)
Ios_xe Cisco 17.12.3a (including) 17.12.3a (including)
Ios_xe Cisco 17.12.4 (including) 17.12.4 (including)
Ios_xe Cisco 17.12.4a (including) 17.12.4a (including)
Ios_xe Cisco 17.12.4b (including) 17.12.4b (including)
Ios_xe Cisco 17.13.1 (including) 17.13.1 (including)
Ios_xe Cisco 17.13.1a (including) 17.13.1a (including)
Ios_xe Cisco 17.14.1 (including) 17.14.1 (including)
Ios_xe Cisco 17.14.1a (including) 17.14.1a (including)

Extended Description

This weakness can be generally described as mismatching memory management routines, such as:

When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed.

Potential Mitigations

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, glibc in Linux provides protection against free of invalid pointers.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use