CVE-2025-20135
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_threat_defense | * |
| cisco | secure_firewall_adaptive_security_appliance | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the DHCP client functionality of Cisco Secure Firewall ASA and FTD Software. It occurs because the software improperly validates incoming DHCP packets. An unauthenticated attacker who is adjacent to the device can exploit this by sending specially crafted DHCPv4 packets repeatedly, causing the device to exhaust its available memory. This leads to a Denial of Service (DoS) condition requiring a manual reboot.
How can this vulnerability impact me? :
Exploiting this vulnerability can cause the affected Cisco firewall device to run out of memory, which disrupts the availability of services and prevents new processes from starting. This results in a Denial of Service (DoS) condition, potentially causing network downtime until the device is manually rebooted.