CVE-2025-20136

CWE-8354 documents4 sources
Severity
8.6HIGH
EPSS
0.1%
top 81.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Adaptive Security Appliance (asa) SoftwareCisco Cisco Firepower Threat Defense Software
Timeline
PublishedAug 14

Description

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an infinite loop condition that occurs when a Cisco Secure ASA or Cisco Secure FTD device proc

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability2025-08-14
GHSA
GHSA-w4q8-8r22-vpjc: A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Securi2025-08-14

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability2025-08-14
CVE-2025-20136 (HIGH CVSS 8.6) | A vulnerability in the function tha | cvebase.io