High-severity vulnerability CVE-2025-20111 is related to Nexus 9k standalone mode and could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial-of-service (DoS) condition.
This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.
A workaround is available, but implementing the workaround on those releases may result in prolonged control plane instability.
Only the following Nexus 9000 Series device models are affected:
- Nexus 9200 Series Switches in standalone NX-OS mode
- Nexus 9300 Series Switches in standalone NX-OS mode
- Nexus 9400 Series Switches in standalone NX-OS mode
To stop the device from reloading when the diagnostic test L2ACLRedirect repeatedly fails, use the following configuration commands to override the default test behavior and only log failures:
nxos# configure
nxos(config)# event manager applet l2acl_override override __L2ACLRedirect
nxos(config-applet)# action 1 syslog priority emergencies msg l2aclFailed
This workaround has been deployed and was proven successful in a test environment.
Cisco has released Nexus software 10.5.2, which addresses this vulnerability.
Regards