LOW RISK

CVE-2025-20144

A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of t

SMB Attack Probability Score: 18/100 (low)
Weighted: EPSS · CISA KEV · SMB stack prevalence · exploit maturity · CVSS vector
CVSS v3: 4
EPSS (30d): 0.08%
SMB Exposure: 42.5/100
Attack Vector: NETWORK
Complexity: HIGH
Privileges: NONE
SMB Impact
How this vulnerability affects a real small business
1. How this breaks an SMB

Firewall or VPN compromise gives attackers full internal network access — no further credentials needed. All connected systems are immediately at risk.

2. Typical real-world scenario

Automated scanner identifies the exposed appliance. Within hours, lateral movement begins: file servers, domain controller, and backup systems are reached.

3. Estimated downtime & cost
Est. downtime: 3–7 days
Business cost range: €15K–€80K

4. What IT should check this week
Is this appliance directly internet-facing?
Is firmware/OS version patched to latest?
Are admin consoles accessible without MFA?
Is network segmentation between IT and OT/servers active?
Scenarios are generated based on software category and CVE characteristics. Cost ranges reflect SMB incidents in the TIRESIS incident database.
Threat Evolution Timeline
From disclosure to predicted exploitation — 3 events
1 predicted

12 Mar 2025: Vulnerability disclosed
CVE published by NVD with CVSS 4 (MEDIUM)

Today
EPSS: 0.1% probability of exploitation in next 30 days. SMB Risk Score: 18/100

Forecast: 29 Jun 2026 (predicted, in 60 days)
Predicted: widespread patch adoption
Low EPSS suggests limited active exploitation. Most organizations expected to patch in routine maintenance cycle.

Predicted events are estimates based on EPSS score, exploit maturity, and historical CVE progression patterns. They are not guaranteed outcomes.
Affected Products
ncs 5502-se, ncs 57b1-5dse-sys, ncs 540x-4z14g2q-a, ncs 540x-6z18g-sys-d, ncs 540x-8z16g-sys-d, ncs 560-7, ncs 5508, ncs 540x-6z18g-sys-a, ncs 540x-16z8q2c-d, ncs 57b1-6d24-sys, ncs 540-acc-sys, ncs 540-6z18g-sys-a, ncs 540x-12z16g-sys-a, ncs 540-24z8q2c-sys, ncs 540-12z20g-sys-d, ncs 540x-16z4g8q2c-d, ncs 540-28z4c-sys-a, ncs 57c3-mod-sys, ncs 540-24q8l2dd-sys, ncs 540-12z20g-sys-a, ncs 540x-8z16g-sys-a, ncs 5516, ncs 540x-12z16g-sys-d, ncs 540-6z18g-sys-d
Remediation & References
What to do
No authentication required: restrict external access now (high)

This vulnerability can be exploited remotely without credentials or user interaction. Until patched: block access to the affected service from the internet using firewall rules or ACLs. Only allow access from trusted IPs.

NVD Full Entry: Official vulnerability detail, CVSS vectors, CPE list
EPSS Score: Exploit Prediction Scoring System (FIRST.org)
Mitre CVE: MITRE CVE Program official entry
Scoring Methodology

SMB Attack Probability Score weights: EPSS exploit likelihood (35%), CISA KEV active exploitation (25%), SMB stack prevalence (20%), exploit maturity (10%), CVSS network vector complexity (10%). Impact scenarios are derived from software category and historical SMB incident patterns. Scores recompute daily.