CVE-2025-20225
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-14

Last updated on: 2025-08-15

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to a lack of proper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. In the case of Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly. In the case of Cisco ASA and FTD Software, a successful exploit could allow the attacker to partially exhaust system memory, causing system instability such as being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-14
Last Modified
2025-08-15
Generated
2026-05-07
AI Q&A
2025-08-14
EPSS Evaluated
2026-05-05
NVD
CVE-2025-20225
EUVD
EUVD-2025-24875
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
cisco ftd *
cisco ios_xe *
cisco ios *
cisco asa *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Internet Key Exchange Version 2 (IKEv2) feature of certain Cisco software products. It allows an unauthenticated remote attacker to send specially crafted IKEv2 packets that cause a memory leak. This memory leak can lead to a denial of service (DoS) condition, such as device reloads or system instability.


How can this vulnerability impact me? :

Exploitation of this vulnerability can cause affected Cisco devices to reload unexpectedly or partially exhaust system memory. This results in denial of service conditions, including inability to establish new IKEv2 VPN sessions and overall system instability. Recovery requires a manual reboot of the device.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart