CVE-2025-20183Improper Input Validation in Cisco Secure WEB Appliance

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUMNVD
CNA5.8
EPSS
0.3%
top 47.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Secure WEB ApplianceCisco Asyncos
Timeline
PublishedFeb 5

Description

A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint. The vulnerability is due to improper handling of a crafted range request header. An attacker could exploit this vulnerability by sending an HTTP request with a crafted range request header through the affected device. A

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_secure_web_appliance51 versions+50
NVDcisco/asyncos51 versions+50

🔴Vulnerability Details

2
CVEList
Cisco Secure Web Appliance Range Request Bypass Vulnerability2025-02-05
GHSA
GHSA-6fqv-9m7r-mcwr: A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Applian2025-02-05

📋Vendor Advisories

1
Cisco
Cisco Secure Web Appliance Range Request Bypass Vulnerability2025-02-05
CVE-2025-20183 — Improper Input Validation in Cisco | cvebase