Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability
TL;DR 📌
A medium-severity vulnerability has been identified in Cisco IOS Software for Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches. This vulnerability allows an attacker to bypass secure boot protections, potentially executing arbitrary code at boot time. Cisco has released software updates to address this issue, and no workarounds are available.
What happened 🕵️‍♂️
A vulnerability in Cisco IOS Software affects Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches. This flaw allows an authenticated local attacker with privilege level 15 or an unauthenticated attacker with physical access to execute persistent code during the boot process, effectively breaking the device’s chain of trust. The vulnerability arises from missing signature verification for certain files loaded during boot. Cisco has raised the Security Impact Rating (SIR) from Medium to High due to the potential severity of this issue.
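The class of flaw described above, where a boot stage loads a file that no signature covers, shown as an added illustration that is not Cisco's code and not taken from the advisory. The file names, the manifest layout and the HMAC stand-in for a real asymmetric signature are all assumptions.

```python
import hashlib
import hmac

# Constructed demo key. Real secure boot checks an asymmetric signature against
# a hardware-anchored public key; HMAC stands in so this runs on the stdlib.
DEMO_KEY = b"constructed-demo-key"

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(manifest: dict) -> str:
    body = "\n".join(f"{n}:{d}" for n, d in sorted(manifest.items())).encode()
    return hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()

def audit(loaded: dict, manifest: dict, tag: str) -> dict:
    """Label each file the boot stage loads: ok, modified or unverified."""
    if not hmac.compare_digest(sign(manifest), tag):
        raise ValueError("manifest signature invalid")
    report = {}
    for name, data in loaded.items():
        if name not in manifest:
            report[name] = "unverified"  # loaded, but no signature covers it
        elif hmac.compare_digest(digest(data), manifest[name]):
            report[name] = "ok"
        else:
            report[name] = "modified"
    return report

def lenient_boot_ok(report: dict) -> bool:
    """Flawed policy: only reject files that fail a check that was performed."""
    return "modified" not in report.values()

def strict_boot_ok(report: dict) -> bool:
    """Hardened policy: every loaded file must be covered and must match."""
    return all(state == "ok" for state in report.values())

# Constructed sample: hypothetical file names, one file left out of the manifest.
GOOD = {"stage2.bin": b"loader", "os.img": b"system image", "extra.dat": b"v1"}
MANIFEST = {n: digest(GOOD[n]) for n in ("stage2.bin", "os.img")}
TAG = sign(MANIFEST)
CHANGED = dict(GOOD, **{"extra.dat": b"replaced content"})

if __name__ == "__main__":
    for label, files in (("original", GOOD), ("extra.dat changed", CHANGED)):
        r = audit(files, MANIFEST, TAG)
        print(label, r, "lenient:", lenient_boot_ok(r), "strict:", strict_boot_ok(r))
```

Under the lenient policy a change to the uncovered file passes unnoticed, which is how one unverified file breaks the chain of trust for everything loaded after it.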
Affected products 🖥️
The following Cisco products are affected if they are running a vulnerable release of Cisco IOS Software:
- Catalyst 2960X Series Switches
- Catalyst 2960XR Series Switches
- Catalyst 2960CX Series Switches
- Catalyst 3560CX Series Switches
Fixed software 🔧
Upgrade to at least the first fixed release in your train (or later). Specific fixed versions are not listed here.
Workarounds 🧯
There are no workarounds available to mitigate this vulnerability.
Risk in context 🎯
With a CVSS score of 6.8, this vulnerability is classified as Medium severity. However, due to the nature of the exploit—allowing arbitrary code execution at boot—it poses a significant risk to the integrity and security of affected devices. Organizations should prioritize applying the available software updates to protect against potential exploitation.
Fast facts ⚡
- Vulnerability ID: CVE-2025-20181
- CVSS Score: 6.8 (Medium)
- Affected Products: Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches
- Status: Final advisory
- Workarounds: None available
- Fixed Software: Updates available, specific versions not listed
For leadership 🧭
This advisory highlights a critical security vulnerability affecting key networking hardware. It is essential for IT leadership to ensure that all affected devices are updated promptly to mitigate risks. The lack of workarounds emphasizes the urgency of applying the provided software updates. Regularly reviewing security advisories and maintaining up-to-date software are vital for safeguarding organizational assets. For more information, refer to the full Cisco advisory.