CVE-2025-20237

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

A

vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmdinj-VEhFeZQ3

Configurations

No configuration.

History

15 Aug 2025, 13:12

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-14 17:15

Updated : 2025-08-15 13:12

NVD link : CVE-2025-20237

Mitre link : CVE-2025-20237

CVE.ORG link : CVE-2025-20237

JSON object : View

Products Affected

No product.

CWE

CWE-146

Improper Neutralization of Expression/Command Delimiters

{"id": "CVE-2025-20237", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.8}]}, "published": "2025-08-14T17:15:37.233", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmdinj-VEhFeZQ3", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-146"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root."}, {"lang": "es", "value": "Una vulnerabilidad en el software Cisco Secure Firewall Adaptive Security Appliance (ASA) y el software Cisco Secure Firewall Threat Defense (FTD) podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios en el sistema operativo subyacente con privilegios de root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los comandos proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en un dispositivo y enviando una entrada manipulada para comandos espec\u00edficos. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos en el sistema operativo subyacente como root."}], "lastModified": "2025-08-15T13:12:51.217", "sourceIdentifier": "[email protected]"}