CVE-2025-20165
Published: 22 January 2025
Summary
CVE-2025-20165 is a high-severity Memory Allocation with Excessive Size Value (CWE-789) vulnerability in Cisco Broadworks Network Server. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the improper memory handling flaw in the SIP processing subsystem by requiring identification, reporting, testing, and correction of the specific vulnerability.
Implements denial-of-service protections at system entry points to prevent memory exhaustion from high volumes of crafted SIP requests.
Provides memory protection controls that mitigate memory-related vulnerabilities like uncontrolled memory allocation exploited by certain SIP requests.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in public-facing SIP service allows unauthenticated remote memory exhaustion leading to application DoS via crafted request flooding.
NVD Description
A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling…
more
for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.
Deeper analysisAI
CVE-2025-20165 is a vulnerability in the SIP processing subsystem of Cisco BroadWorks, stemming from improper memory handling for certain SIP requests. This issue affects the Cisco BroadWorks Network Servers responsible for handling SIP traffic. Published on 2025-01-22, it has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-789.
An unauthenticated, remote attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. Successful exploitation would exhaust the memory allocated to the Network Servers, preventing them from processing incoming requests and resulting in a denial of service (DoS) condition that requires manual intervention to recover.
Cisco has issued a security advisory detailing the vulnerability at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt. Additional references include https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html and https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA. Security practitioners should consult these for mitigation and patch information.
Details
- CWE(s)