CVE-2025-20268
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_threat_defense | 7.7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-229 | The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Geolocation-Based Remote Access VPN feature of Cisco Secure Firewall Threat Defense Software. It allows an unauthenticated, remote attacker to bypass configured policies that control HTTP connections based on country or region. The issue arises because the URL string is not fully parsed, enabling an attacker to send a specially crafted HTTP connection that can circumvent these policies.
How can this vulnerability impact me?
The vulnerability can allow an attacker to bypass network access policies that restrict HTTP connections by geographic location. This means an attacker could gain unauthorized access to a network or resources that should have been denied based on the configured geolocation policies, potentially leading to unauthorized network access or data exposure.