Cyber Resilience

CVE-2025-20165

High

Published: 22 January 2025

Modified: 06 August 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0306 (87.0th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-20165 is a high-severity Memory Allocation with Excessive Size Value (CWE-789) vulnerability in Cisco BroadWorks Network Server. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 13.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability in the SIP processing subsystem of Cisco BroadWorks stems from improper memory handling for certain SIP requests. The affected components are the Network Servers that handle SIP traffic, whose allocated memory can be exhausted under sustained load.

An unauthenticated remote attacker can exploit the flaw by sending a high volume of SIP requests to an affected system. Successful exploitation exhausts memory on the Network Servers, halting processing of incoming requests and producing a denial-of-service condition that requires manual intervention to restore service. The issue carries a CVSS 3.1 score of 7.5 with network attack vector, low complexity, and no required privileges or user interaction.

The Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt addresses the vulnerability. The associated EPSS score is flat: its peak and current values are both 0.0306, indicating no material increase in observed exploitation interest after disclosure.

EU & UK References

Vulnerability details

A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004: Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Vulnerability in public-facing SIP service allows unauthenticated remote memory exhaustion leading to application DoS via crafted request flooding.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20103 (Same vendor: Cisco)
CVE-2026-20039 (Same vendor: Cisco)
CVE-2025-20142 (Same vendor: Cisco)
CVE-2025-20115 (Same vendor: Cisco)
CVE-2025-20337 (Same vendor: Cisco)
CVE-2025-20175 (Same vendor: Cisco)
CVE-2025-20171 (Same vendor: Cisco)
CVE-2025-20343 (Same vendor: Cisco)
CVE-2025-20174 (Same vendor: Cisco)
CVE-2026-20100 (Same vendor: Cisco)

Affected Assets

cisco / broadworks network server: versions ≤ 2024.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the improper memory handling flaw in the SIP processing subsystem by requiring identification, reporting, testing, and correction of the specific vulnerability.

prevent

Implements denial-of-service protections at system entry points to prevent memory exhaustion from high volumes of crafted SIP requests.

prevent

Provides memory protection controls that mitigate memory-related vulnerabilities like uncontrolled memory allocation exploited by certain SIP requests.

References