CVE-2025-20165
Published: 22 January 2025
Summary
CVE-2025-20165 is a high-severity Memory Allocation with Excessive Size Value (CWE-789) vulnerability in Cisco Broadworks Network Server. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability in the SIP processing subsystem of Cisco BroadWorks stems from improper memory handling for certain SIP requests. The affected component is the Network Servers that handle SIP traffic, where exhaustion of allocated memory can occur under sustained load.
An unauthenticated remote attacker can exploit the flaw by sending a high volume of SIP requests to an affected system. Successful exploitation exhausts memory on the Network Servers, halting processing of incoming requests and producing a denial-of-service condition that requires manual intervention to restore service. The issue carries a CVSS 3.1 score of 7.5 with network attack vector, low complexity, and no required privileges or user interaction.
The Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt addresses the vulnerability. The associated EPSS score remains flat at a peak and current value of 0.0306, indicating no material increase in observed exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2157
Vulnerability details
A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling…
more
for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in public-facing SIP service allows unauthenticated remote memory exhaustion leading to application DoS via crafted request flooding.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the improper memory handling flaw in the SIP processing subsystem by requiring identification, reporting, testing, and correction of the specific vulnerability.
Implements denial-of-service protections at system entry points to prevent memory exhaustion from high volumes of crafted SIP requests.
Provides memory protection controls that mitigate memory-related vulnerabilities like uncontrolled memory allocation exploited by certain SIP requests.