CVE-2025-20237
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_threat_defense | * |
| cisco | secure_firewall_adaptive_security_appliance | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-146 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Cisco Secure Firewall ASA and FTD Software, where an authenticated local attacker with administrative credentials can execute arbitrary commands on the underlying operating system with root-level privileges. It is caused by insufficient input validation of user-supplied commands, allowing crafted input to be executed with high privileges.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with administrative access to execute any command on the system as root, potentially leading to full control over the device, unauthorized access to sensitive data, disruption of services, and compromise of network security.