CVE-2025-20243

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

A

vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to improper validation of user-supplied input on an interface with VPN web services. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on an affected device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-mfPekA6e

Configurations

No configuration.

History

15 Aug 2025, 13:12

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-14 17:15

Updated : 2025-08-15 13:12

NVD link : CVE-2025-20243

Mitre link : CVE-2025-20243

CVE.ORG link : CVE-2025-20243

JSON object : View

Products Affected

No product.

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2025-20243", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2025-08-14T17:15:38.137", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-mfPekA6e", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input on an interface with VPN web services. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on an affected device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads."}, {"lang": "es", "value": "Una vulnerabilidad en los servidores web de administraci\u00f3n y VPN del software Cisco Secure Firewall ASA y del software Secure FTD podr\u00eda permitir que un atacante remoto no autenticado provoque la recarga inesperada del dispositivo, lo que resulta en una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de la informaci\u00f3n proporcionada por el usuario en una interfaz con servicios web VPN. Un atacante podr\u00eda explotar esta vulnerabilidad enviando solicitudes HTTP manipuladas a un servidor web espec\u00edfico en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar una denegaci\u00f3n de servicio (DoS) al recargar el dispositivo."}], "lastModified": "2025-08-15T13:12:51.217", "sourceIdentifier": "[email protected]"}