CVE-2025-20251
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_threat_defense | * |
| cisco | secure_firewall_adaptive_security_appliance | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Remote Access SSL VPN service of Cisco Secure Firewall ASA and FTD Software. It allows an authenticated remote attacker to create or delete arbitrary files on the device's underlying operating system by sending crafted HTTP requests. This happens due to insufficient input validation when processing these requests. Exploitation can cause the VPN service to become unresponsive, and a manual reboot is required to recover.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to denial of service (DoS) by causing new Remote Access SSL VPN sessions to be denied and existing sessions to be dropped. The attacker can manipulate critical system files, disrupting VPN service availability and requiring a manual reboot of the device to restore functionality.