CVE-2025-20360
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-15

Last updated on: 2026-02-12

Assigner: Cisco Systems, Inc.

Description
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are parsed. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-15
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2025-10-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-20360
EUVD
EUVD-2025-34664
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
cisco open_source_snort 3.9.1.0
cisco secure_firewall_threat_defense 7.0.0
cisco cyber_vision *
cisco meraki_mx *
cisco ios_xe *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-805 The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Snort 3 HTTP Decoder used by multiple Cisco products. It is caused by incomplete error checking when parsing the MIME fields of HTTP headers. An unauthenticated, remote attacker can exploit this by sending specially crafted HTTP packets through an established connection that Snort 3 processes. Exploiting this flaw can cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition. [1]

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker can cause the Snort 3 Detection Engine to restart unexpectedly, which may disrupt network security monitoring and intrusion detection capabilities. This could lead to reduced visibility into network threats and potentially allow other attacks to go undetected during the downtime. [1]

Detection Guidance

This vulnerability can be detected by verifying if Snort 3 is active on your devices, as only configurations running Snort 3 are vulnerable. Cisco provides tools such as the Cisco Software Checker to help identify affected software versions and whether your system is running vulnerable Snort 3 versions. Specific commands are not provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading to the fixed software releases provided by Cisco. For Open Source Snort 3, upgrade to version 3.9.3.0 or later. For Cisco Secure Firewall and IOS XE products, apply the fixed releases detailed in Cisco’s advisory and associated bug IDs (CSCwq15864). Cisco Meraki fixes are planned for February 2026. There are no available workarounds, so upgrading is strongly advised. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-20360. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart