EXECUTIVE SUMMARY:
A critical vulnerability affects the IS-IS feature in Cisco Nexus 3000 and 9000 Series switches running NX-OS. It is tracked as CVE-2025-20241 and has a CVSS score of 7.4. An unauthenticated, Layer 2-adjacent attacker could exploit insufficient input validation of IS-IS packets to crash the IS-IS process, potentially reloading the device and causing a denial-of-service condition. Only devices with IS-IS enabled on at least one interface are affected; other products, such as Nexus 9000 Series switches in ACI mode and UCS Fabric Interconnects, are not vulnerable. Enabling IS-IS area authentication can reduce risk, but no full workaround exists. Cisco has released free NX-OS updates to address the issue, and customers can verify exposure via CLI commands or contact support for patch entitlement.
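
The exposure condition above (IS-IS enabled on at least one interface) and the area-authentication mitigation can be checked offline against saved running-configs. The following is an added example, not Cisco's tooling or part of the original summary. It assumes NX-OS-style configuration lines (`feature isis`, `router isis <name>`, `ip router isis <name>`, `authentication-type`, `authentication key-chain`), uses a constructed sample config, and does not distinguish level-1 from level-2 authentication.

```python
import re

# Constructed sample in NX-OS running-config style (not taken from a real device).
SAMPLE = """\
feature isis
router isis CORE
  net 49.0001.0000.0000.0001.00
  authentication-type md5 level-1
  authentication key-chain ISIS-KEYS level-1
router isis EDGE
  net 49.0002.0000.0000.0002.00
interface Ethernet1/1
  ip router isis CORE
interface Ethernet1/2
  ipv6 router isis EDGE
interface Ethernet1/3
  no switchport
"""

def audit_isis(config):
    """Return exposure status, IS-IS interfaces, and instances lacking area auth."""
    feature, section = False, None
    auth = {}      # instance name -> set of area-auth settings seen
    ifaces = []    # (interface, instance) pairs with IS-IS enabled
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # unindented line opens a new top-level section
            section = None
            if line == "feature isis":
                feature = True
            elif m := re.fullmatch(r"(router isis|interface) (\S+)", line):
                section = (m.group(1), m.group(2))
                if m.group(1) == "router isis":
                    auth.setdefault(m.group(2), set())
            continue
        if section is None:
            continue
        kind, name = section
        if kind == "interface" and (m := re.fullmatch(r"ip(?:v6)? router isis (\S+)", line)):
            ifaces.append((name, m.group(1)))
        elif kind == "router isis" and (m := re.match(r"authentication(-type| key-chain) ", line)):
            auth[name].add(m.group(1).strip())
    exposed = feature and bool(ifaces)
    # Area authentication needs both a type and a key chain on the instance.
    weak = sorted({inst for _, inst in ifaces if len(auth.get(inst, ())) < 2})
    return {"exposed": exposed, "interfaces": ifaces, "no_area_auth": weak}

if __name__ == "__main__":
    print(audit_isis(SAMPLE))
```

A device reported as exposed still needs the fixed NX-OS release; instances listed under `no_area_auth` are the ones where the partial mitigation is not yet in place.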