CVE-2025-20127

CWE-404 | 4 documents | 4 sources
Severity: 7.7 HIGH
EPSS: 0.2% (top 59.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 14

Description

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 connections, which eventually could cause the device to stop accepting any new SSL/TLS or VPN requests. This vulnerability is due to the implementat

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.1 | Impact: 4.0

🔴 Vulnerability Details

2
GHSA
GHSA-pgh5-2r5j-h8rf: A vulnerability in the TLS 1 (2025-08-14)
CVEList
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 3100 and 4200 Series TLS Cipher Denial of Service Vulnerability (2025-08-14)

📋 Vendor Advisories

1
Cisco
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 3100 and 4200 Series TLS 1.3 Cipher Denial of Service Vulnerability (2025-08-14)