CVE-2025-20363
BaseFortify
Publication date: 2025-09-25
Last updated on: 2026-02-10
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios_xr | 6.5.1 |
| cisco | ios_xr | 6.5.2 |
| cisco | ios_xr | 6.5.3 |
| cisco | ios_xr | 6.6.2 |
| cisco | ios_xr | 6.6.25 |
| cisco | ios_xr | 6.6.3 |
| cisco | ios_xr | 6.7.1 |
| cisco | ios_xr | 6.7.2 |
| cisco | ios_xr | 6.7.3 |
| cisco | ios_xr | 6.8.1 |
| cisco | ios_xr | 6.8.2 |
| cisco | ios_xr | 6.9.1 |
| cisco | ios_xr | 6.9.2 |
| cisco | adaptive_security_appliance_software | From 9.12 (inc) to 9.12.4.72 (exc) |
| cisco | adaptive_security_appliance_software | From 9.14 (inc) to 9.14.4.28 (exc) |
| cisco | adaptive_security_appliance_software | From 9.16 (inc) to 9.16.4.84 (exc) |
| cisco | adaptive_security_appliance_software | From 9.22 (inc) to 9.22.2 (exc) |
| cisco | adaptive_security_appliance_software | From 9.23 (inc) to 9.23.1.3 (exc) |
| cisco | adaptive_security_appliance_software | From 9.17.1 (inc) to 9.18.4.57 (exc) |
| cisco | adaptive_security_appliance_software | From 9.19.1 (inc) to 9.19.1.42 (exc) |
| cisco | adaptive_security_appliance_software | From 9.20.1 (inc) to 9.20.3.16 (exc) |
| cisco | ios | From 12.2(15)b (inc) to 15.9(3 (inc) |
| cisco | ios_xe | From 3.2.0sg (inc) to 17.17.1 (inc) |
| cisco | firepower_threat_defense | 7.6.0 |
| cisco | firepower_threat_defense | From 7.0.0 (inc) to 7.0.8 (exc) |
| cisco | firepower_threat_defense | From 7.1.0 (inc) to 7.2.10 (exc) |
| cisco | firepower_threat_defense | From 7.3.0 (inc) to 7.4.2.3 (exc) |
| cisco | firepower_threat_defense | From 7.7.0 (inc) to 7.7.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the web services of various Cisco software products, including Cisco Secure Firewall ASA, FTD, IOS, IOS XE, and IOS XR. It is caused by improper validation of user-supplied input in HTTP requests. An attacker can exploit this by sending specially crafted HTTP requests to the targeted device's web service. Depending on the product, the attacker may be unauthenticated or have low privileges. Successful exploitation allows the attacker to execute arbitrary code with root privileges, potentially leading to full device compromise.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to an attacker executing arbitrary code as root on the affected device. This means the attacker could gain complete control over the device, potentially disrupting network security, intercepting or altering data, and causing denial of service or other malicious activities.